Appalachian Community Federal Credit Union: Appalachian Community Federal Credit Union Data Breach Lawsuit Investigation

Appalachian Community Federal Credit Union Hit by Qilin Ransomware Attack, Exposing Sensitive Member Data

Appalachian Community Federal Credit Union (ACFCU), a member-owned financial cooperative serving communities in Tennessee, Virginia, and Kentucky, disclosed a ransomware attack that compromised sensitive personal and financial data. The breach was detected on October 7, 2025, when the credit union identified a disruption in its computer systems. After taking its network offline and launching a forensic investigation, ACFCU confirmed on October 10, 2025, that data had been exfiltrated.

The attack was attributed to Qilin, a ransomware group that later claimed responsibility, publishing 75 GB of stolen data on the dark web on November 18, 2025. A thorough review determined that exposed information included names, Social Security numbers, and financial account details. Affected individuals were notified on December 1, 2025, and the incident was reported to federal law enforcement and the Massachusetts Attorney General’s office on December 31, 2025.

As of the notification, ACFCU stated there was no evidence of fraud or misuse stemming from the breach. The credit union offered affected members free credit monitoring and fraud assistance through Cyberscout (a TransUnion company) as part of its response.

The investigation into the breach remains ongoing, with class action law firm Shamis & Gentile P.A. examining potential legal claims for compensation on behalf of impacted individuals.

Source: https://www.claimdepot.com/investigations/appalachian-community-federal-credit-union-data-breach-2025

Appalachian Community Federal Credit Union cybersecurity rating report: https://www.rankiteo.com/company/appalachian-community-federal-credit-union

"id": "APP1767212013",
"linkid": "appalachian-community-federal-credit-union",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Financial Services',
                        'location': 'Johnson City, Tennessee, USA',
                        'name': 'Appalachian Community Federal Credit Union',
                        'type': 'Financial Cooperative'}],
 'customer_advisories': 'Notification letters sent to affected individuals '
                        'with instructions for credit monitoring and fraud '
                        'assistance',
 'data_breach': {'data_exfiltration': 'Yes (75 GB of data published on the '
                                      'dark web)',
                 'personally_identifiable_information': ['Name',
                                                         'Social Security '
                                                         'number'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information',
                                              'Financial Account Information']},
 'date_detected': '2025-10-07',
 'date_publicly_disclosed': '2025-12-01',
 'description': 'Appalachian Community Federal Credit Union (ACFCU) '
                'experienced a ransomware attack by the group known as Qilin, '
                'resulting in the exposure of sensitive personally '
                'identifiable information of its members. The breach was '
                'discovered on October 7, 2025, and involved the exfiltration '
                'of 75 GB of data, which was later published on the dark web.',
 'impact': {'data_compromised': '75 GB of data',
            'identity_theft_risk': 'High',
            'operational_impact': 'Network taken offline',
            'payment_information_risk': 'High',
            'systems_affected': 'Computer systems and network'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
 'recommendations': ['Enroll in free credit monitoring and fraud assistance '
                     'services',
                     'Monitor credit reports and account statements',
                     'Place a fraud alert or security freeze on credit files',
                     'Report suspected identity theft or fraud to law '
                     'enforcement',
                     'Stay vigilant for phishing attempts'],
 'references': [{'source': 'Shamis & Gentile P.A.'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to '
                                                       'Massachusetts Attorney '
                                                       'General’s office'},
 'response': {'communication_strategy': 'Notification letters to affected '
                                        'individuals',
              'containment_measures': 'Network taken offline',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes (Federal law enforcement and '
                                          'Massachusetts Attorney General’s '
                                          'office)',
              'third_party_assistance': 'Forensic specialists, Cyberscout '
                                        '(TransUnion)'},
 'threat_actor': 'Qilin',
 'title': 'Appalachian Community Federal Credit Union Data Breach',
 'type': 'Ransomware Attack'}