Hackers accessed financial and personal information from unencrypted files at the $200 million MemberSource Credit Union on June 3, 2025, affecting more than 22,000 persons. However, the Houston, Texas-based credit union didn't inform its members about the data breach until May 7, 2026, when it mailed notification letters.
Although the credit union described the incident as a "network data event," it allegedly was a ransomware attack, according to Ransomware.Live, a cybersecurity intelligence website that tracks ransomware activity worldwide in near real time.
On June 17, 2025, the SafePay ransomware group claimed responsibility for the MemberSource breach and said it exfiltrated approximately 50 GB of data, according to information posted by Ransomware.Live.
In a notification letter to members, the credit union reported the data taken from its network included unencrypted files that contained names, Social Security numbers, driver's license/state identification numbers and financial account information.
MemberSource did not identify the incident as a ransomware attack in its letter to members. The letter acknowledged that operations were disrupted, although it did not specify for how long.
"Upon experiencing the disruption, we partnered with specialists to investigate the nature and scope of the event and restore our operations safely and securely," MemberSource's letter stated. "We reset user passwords and reported the incident to federal law enforcement. We are also reviewing our existing security controls, policies and procedures we have in place to maximize the benefits of our encryption software and continue to remain resilient and well protected against future threats."
MemberSource noted that this event did not disrupt its core system, which manages member data and is hosted outside the branch network. The credit union, which serves nearly 15,000 members, operates five branches, according to its website.
After confirming data had been taken from its network, MemberSource said it launched a thorough analysis of the data to determine whether it contained unencrypted sensitive information. This process and the subsequent detailed review of files took 10 months.
"We completed our extraction of unencrypted data from the encrypted data in August of 2025," MemberSource's letter stated. "From there we performed a detailed review of those files for personal information to identify the individuals to whom the information belonged, and confirm their last known address so they could be notified. This review and address supplementation concluded on April 1, 2026."
On May 11, the Texas Attorney General's office posted that MemberSource's data breach had affected 22,308 Texans.
MemberSource emphasized that it has not received reports of fraud, identity theft or actual or attempted misuse of members' information.
Nevertheless, the credit union said it is providing members with one year of free access to credit monitoring, fraud assistance and remediation services.
When contacted, MemberSource said it would respond to CU Times' request for information and forward a reply in a timely manner. But the credit union added it was not able to do so in a short timeframe to meet deadline.
Peter Strozniak can be reached at peter.strozniak@arc-network.com.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.