Credit unions in Georgia and Alaska have reported data breaches, including a ransomware incident, which exposed the personal and banking information of more than 53,000 individuals.
The $160 million Georgia Heritage Federal Credit Union in Savannah reported a ransomware attack that occurred Jan. 25, 2025, and was discovered less than a month later on Feb. 10, 2025. The breach affected 43,077 individuals, according to an April 17 public filing with the Maine Attorney General's Office. The credit union serves more than 15,000 members.
However, the filings showed Georgia Heritage did not mail consumer notification letters until Jan. 15, 2026.
According to the credit union's investigation, information potentially exposed included names, addresses, dates of birth, driver's license or state identification numbers, employment-related information, financial account information, foreign national identification numbers, health-related information, passport numbers, personal email addresses, telephone numbers, Social Insurance numbers and Social Security numbers.
"Upon discovery of the unauthorized activity, GA Heritage immediately secured its network and promptly engaged a specialized third-party cybersecurity firm to conduct a comprehensive investigation to determine the nature and scope of the incident," the credit union said in its notification letter. "Since the discovery of the incident, GA Heritage moved quickly to investigate, respond and confirm the security of our systems. Specifically, GA Heritage changed all user credentials, enhanced the security measures, and will continue to take steps to mitigate the risk of a similar event occurring in the future."
The $129 million Alaska Air Group Federal Credit Union in Seatac, Wash., reported March 5, 2026, that a third-party IT service provider experienced a cybersecurity incident. The breach allowed unauthorized actors to access the credit union's IT system, potentially exposing the personal and banking information of 10,705 individuals, according to an April 17 public filing with the Attorney General's office in Maine.
The breach was discovered on March 9 and the credit union mailed consumer notification letters on April 16.
Alaska Air Group said the exposed information may have included account numbers, dates of birth, passport number, driver's license numbers, Social Security numbers, tax identification numbers and routing numbers.
"Although account information was in affected files, no passwords, personal identification numbers (PINs), or similar data was involved, and access to accounts is not possible with only this information," the credit union stated in its notification letter. "We have prioritized notifying our members of this incident. If our review concludes that additional individuals' data was affected, they will receive a separate notification."
Alaska Air Group FCU currently serves more than 8,700 members.
"We took immediate protective actions to contain the activity and retained industry leading cybersecurity experts to support our investigation and response," the credit union said. It is our priority to continue to deploy the level of robust security protocols, continuous monitoring and staff training needed to prevent and defend against sophisticated cybersecurity threats."
Although both credit unions have said they are unaware of any fraudulent use of their members' personal and banking information, they are offering affected individuals free credit monitoring services.
Both credit unions also posted alerts on their websites and social media pages, reminding members to avoid engaging with fraudulent emails, phone calls and text messages.
Peter Strozniak can be reached at peter.strozniak@arc-network.com.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.