Incident Overview
- Breach Dates: Unauthorized access occurred between June 2–3, 2025.
- Discovery: Connex detected the incident on June 3, 2025.
Scope of Breach
- People Affected: 172,000 individuals had their information compromised.
- Data Exposed:
- Full names
- Account numbers
- Debit card details
- Social Security numbers
- Government-issued IDs (such as driver’s licenses or passports)
Nature and Cause of Attack
- Type: Classified as external system breach (hacking)
- Method: Intruder accessed internal files, which may also have been downloaded.
- Funds: Connex reports no evidence of direct theft of funds. Only sensitive personal and financial data appear to be compromised.
Response Timeline
- Notification: Connex began informing its members of the breach on August 7, 2025.
- Support Measures:
- Complimentary identity theft protection via CyberScout
- Credit monitoring: Single-bureau monitoring offered for either 12 or 24 months, depending on severity or member preference.
Risks and Recommendations
- Identity Theft: Data exposed could be used for fraudulent activities (e.g., opening new accounts, impersonation).
- Member Guidance:
- Monitor accounts and promptly report suspicious activity.
- Review credit reports regularly.
- Be alert to scam communications, such as phishing emails or calls impersonating Connex staff.
- Use the offered identity protection and credit monitoring services.
Legal Implications
- Investigations: Multiple law firms have initiated investigations and are considering potential class-action lawsuits on behalf of affected members.
Additional Notes
- Connex urges caution regarding impersonation scams—attackers may use stolen information to trick members with fraudulent contact attempts.
- The breach highlights ongoing cybersecurity risks facing financial institutions, emphasizing the importance of rapid detection, comprehensive notification, and strong protective measures for affected individuals.
