Cyber Incident Victim: Via Credit Union
Date: Jan 2025
Location: United States of America
Summary
Via Credit Union experienced an external system breach involving unauthorized access to customer data, compromising names combined with other personal identifiers for over 60,000 individuals, including four Maine residents. The breach was discovered shortly after the intrusion occurred, prompting written notifications to affected consumers and the provision of 12-month identity theft protection services through Experian IdentityWorks Credit 3B.
Description
On January 18, 2025, Via Credit Union, a financial services institution based at 4505 S. Adams St. in Marion, Indiana, experienced an external system breach resulting from hacking activity. The breach was discovered six days later on January 24, 2025, triggering an investigation that confirmed unauthorized access to systems containing customer data. The compromise affected 60,853 individuals nationwide, including four residents of Maine. Exposed information included names combined with other personal identifiers, though the notification did not specify whether financial account details, Social Security numbers, or other sensitive data elements were involved. No evidence suggested the breach stemmed from insider threats or physical record theft, with the compromise limited to digital systems. The credit union engaged legal representation from Polsinelli PC, with shareholder Alexander Boyd submitting mandatory breach disclosures to regulatory authorities.

Via Credit Union initiated written notifications to all affected consumers on February 24, 2025, thirty days after breach discovery. The institution offered twelve months of identity theft protection through Experian IdentityWorks Credit 3B, which typically includes credit monitoring, dark web surveillance, and insurance coverage for related fraud losses. Maine residents received a dedicated notification document titled "Via_Credit_Union_-_Adult_One_Year_CM.pdf," consistent with that state's consumer protection requirements. No prior breach notifications had been issued by the credit union within the preceding twelve-month period. The organization did not publicly disclose technical details regarding attack vectors, malware variants, containment procedures, or whether law enforcement investigations were ongoing. Impacted members were directed to contact Experian for enrollment in protection services, with no reported delays or complications in the notification process.
