In a March 10 data breach notification letter, the $142 million MetroWest Community Federal Credit Union in Framingham, Mass., said hackers gained access to its computer systems, potentially exposing the personal information of more than 20,000 individuals.
On Sept. 1, 2025, MetroWest said it began receiving alerts for suspicious activity on certain systems in its network and launched an investigation, according to the data breach notification letter the credit union filed with Maine's Attorney General's office last week.
In Maine, 132 residents may have been affected by the data breach. MetroWest currently serves 6,846 members.
"The forensic investigation determined that on Sept. 3, 2025, there was unauthorized access to certain systems and certain files were copied without permission. MetroWest undertook a comprehensive review of the data at risk to assess what sensitive information could be affected, and to whom it relates," the credit union said. "MetroWest completed this review on Jan. 12, 2026, and then worked to locate addresses for impacted individuals. The information that could have been subject to unauthorized access includes name, Social Security number, financial account number, routing number and payment card number."
MetroWest also said it reported the incident to the FBI and is assisting in the investigation.
The credit union said it is offering two years of free credit monitoring services to individuals whose personal information was potentially affected by this incident. MetroWest also said it is working to implement additional safeguards and training for its employees.
Peter Strozniak can be reached at peter.strozniak@arc-network.com.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.