Connex Credit Union Data Breach – 172,000 Impacted at Connecticut-Based Institution

Woods Lonergan PLLC is a nationally recognized complex commercial and civil litigation firm that represents consumers and businesses in high-stakes data breach class actions against major corporations. We currently have open data breach litigation in Connecticut involving Community Health Center and Yale New Haven Health System. We have successfully pursued data breach lawsuits on behalf of consumers against national corporations, educational institutions, and technology vendors when failures in data security exposed protected personal, educational, and financial information.

Our Data Breach Litigation Team is actively investigating the June 2025 Connex Credit Union data breach, which exposed sensitive personal and financial information of an estimated 172,000 individuals. Connex Credit Union is a Connecticut based Credit Union.

Call Our Data Breach Lawyers 24/7 at (332) 378-0376 or email loganlowe@woodslaw.com for a free and confidential consultation. We take no fees unless we win.

If You Receive a Letter or Email From Connex Credit Union

According to the Maine Attorney General’s Office, notification letters began going out on August 7, 2025, on a rolling basis (Sample Notice).

If you receive such a letter, it will:

Identify the categories of data exposed in your case
Provide instructions for enrolling in complimentary Cyberscout credit monitoring and fraud consultation services
Offer guidance on protecting your accounts and personal records

Connecticut Data Breach Notification Law: Under Connecticut law, organizations must notify affected residents “without unreasonable delay” and provide at least 12 months of identity theft prevention and mitigation services when Social Security numbers are exposed.

If you receive a data breach notification letter or email from Connex Credit Union, Contact Woods Lonergan at (332) 378-0376 to discuss your legal options in confidence and at no cost.

What Information Was Compromised in the Connex Credit Union Data Breach?

Names,
Account numbers,
Debit card details,
Social Security numbers,
Government-issued IDs used to open accounts.

Connex states it has no evidence the breach resulted in unauthorized access to accounts or funds. However, stolen personal and financial identifiers can still be exploited for identity theft, phishing, and fraud.

“Please be aware that scammers are calling/texting members impersonating Connex employees. Connex will never call you and ask for PINs, passcodes or account numbers.” – Connex Credit Union Security Notice

Founded in 1940, Connex is one of Connecticut’s largest credit unions, managing over $1 billion in assets and serving more than 70,000 members across branches in New Haven, Hartford, Middlesex, and Fairfield counties.

How Did the Connex Credit Union Data Breach Happen?

The intrusion took place between June 2 and 3, 2025, and was detected on June 3. An investigation found that attackers may have accessed or downloaded sensitive files. Connex Credit Union offers a full suite of financial services, including checking and savings accounts, credit cards, loans, mortgages, business banking, and online banking tools (Connex Home Page).

“A cyber-attack has compromised the personal and financial data of 172,000 individuals… An investigation found that attackers may have accessed or downloaded sensitive files.” – Alessandro Mascellino, Infosecurity Magazine

What Steps Is Connex Taking?

Offering 12 months of free credit monitoring and identity protection through Cyberscout
Warning members about phishing scams impersonating Connex employees
Collaborating with law enforcement and cybersecurity experts
Enhancing network and system security

Legal Claims Woods Lonergan Is Investigating in the Connex Credit Union Data Breach

Negligence / Negligence Per Se – Failure to implement reasonable security measures.
Breach of Implied Contract – Members entrusted Connex with their data under the expectation it would be protected.
Breach of Fiduciary Duty / Duty of Confidentiality – Failure to protect highly sensitive member records.
Unjust Enrichment – Retaining benefits from members without providing adequate data security.
State Data Breach Statutes – Violations of Connecticut’s breach notification requirements and similar laws in other affected states.

About Connex Credit Union

Founded in 1940, Connex is one of Connecticut’s largest credit unions, managing over $1 billion in assets and serving more than 70,000 members. Headquartered in North Haven, CT, Connex operates branches in Branford, Guilford, Hamden, Meriden, Monroe, New Haven, North Haven, Orange, and Wallingford. Connex is a member-owned, not-for-profit financial cooperative providing personalized banking services to individuals, families, and businesses across New Haven, Hartford, Middlesex, and Fairfield counties.

Contact Our Data Breach Litigation Team

If you believe your information was exposed in the Connex Credit Union data breach, contact us for a free and confidential consultation. Woods Lonergan’s expert data breach lawyers are skilled at securing affected individuals the justice they deserve. Call us 24/7 at (332) 378-0376 or email loganlowe@woodslaw.com — we take no fees unless we win.

About Woods Lonergan PLLC

Woods Lonergan PLLC is a nationally recognized plaintiff firm specializing in complex civil litigation, including class action, data privacy, and cybersecurity matters. We have a proven track record of successfully holding corporations accountable for data breaches and protecting the rights of consumers. Our firm is currently representing plaintiffs in open litigation for numerous significant data breaches in 2025, including cases involving Powerschool, Ahold Delhaize, Aflac Insurance, Allianz Insurance, Johnson Controls, Community Health Center, Columbia University, DISA Global Solutions, and New Haven Health. Notably, in 2025, Woods Lonergan settled the 23andMe Data Breach Lawsuit for $30 million in the Northern District of California and reached a multi-million dollar settlement in the Sunflower Medical Group data breach case in the U.S. District Court for the District of Kansas.

FAQs About the Connex Credit Union Data Breach

Q: What is phishing, and why is it relevant here?

A: Phishing is a cyberattack where criminals impersonate legitimate organizations (in this case, Connex) to trick victims into revealing sensitive information like passwords or account numbers.

Q: What should I do if I suspect identity theft?

A: Immediately place a fraud alert with major credit bureaus, monitor your accounts closely, and consider freezing your credit.

Q: Is Connex legally required to offer free credit monitoring?

A: Yes. Connecticut law requires at least 12 months of identity theft protection when SSNs are compromised.

Q: Could my funds be stolen?

A: Connex reports no evidence of account access, but stolen information could be used in future scams or fraudulent activity.

Q: What legal rights do I have?

A: Potential claims may include negligence, breach of contract, and violations of state data breach statutes.

Sources:

About the Author

Andrew S. Read has worked at Woods Lonergan PLLC since 2008. Upon joining the firm, he initially worked as a clerk while he attended law school. For the past 7 years, Andrew has worked as litigation counsel concentrating in commercial and real estate matters. His broad-based experience includes commercial litigation, business startup counseling, as well as real and intellectual property matters. Andrew is admitted to practice in the State of New York and in the Southern District of New York.