Communication Federal Credit Union (CFCU), a $2.3-billion financial institution, suffered a data breach between late December 2023 and early January 2024, resulting in unauthorized access to its systems. The incident exposed sensitive personal data of members, including names, birthdates, addresses, Social Security numbers, driver’s license details, and financial account information. Following an investigation, CFCU notified affected individuals and agreed to a $2.9-million class-action settlement, which received preliminary court approval in August 2025. The breach led to potential financial fraud risks for members, reputational damage for the credit union, and legal repercussions. While CFCU denied wrongdoing, it committed to enhancing data security measures. Compensation for victims will be distributed pending final court approval and resolution of any appeals.
TPRM report: https://www.rankiteo.com/company/communication-federal-credit-union
"id": "com5510555110525",
"linkid": "communication-federal-credit-union",
"type": "Breach",
"date": "12/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'U.S. residents notified of '
'potential exposure (exact '
'number unspecified)',
'industry': 'Financial Services',
'location': 'Oklahoma City, Oklahoma, USA',
'name': 'Communication Federal Credit Union',
'size': '$2.3 billion in assets',
'type': 'Credit Union'}],
'customer_advisories': 'Notified affected members; settlement details '
'communicated',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access '
'confirmed)',
'personally_identifiable_information': ['Names',
'Birthdates',
'Addresses',
'Social Security '
'numbers',
'Driver’s license '
'details'],
'sensitivity_of_data': 'High (includes SSNs, driver’s license '
'details, and financial data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial account information']},
'description': "Unauthorized access to Communication Federal Credit Union's "
'systems potentially exposed sensitive member information, '
'including names, birthdates, addresses, Social Security '
'numbers, driver’s license details, and financial account '
'information. A $2.9-million class-action settlement was '
'agreed upon, with preliminary court approval granted on '
'August 21, 2025.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive member data',
'data_compromised': ['Names',
'Birthdates',
'Addresses',
'Social Security numbers',
'Driver’s license details',
'Financial account information'],
'financial_loss': '$2.9 million (settlement amount)',
'identity_theft_risk': 'High (due to exposure of PII and financial '
'data)',
'legal_liabilities': '$2.9 million settlement for class-action '
'lawsuit',
'payment_information_risk': 'Potential (financial account '
'information exposed)'},
'investigation_status': 'Completed (settlement reached; final approval '
'pending)',
'post_incident_analysis': {'corrective_actions': 'Strengthening data security '
'measures (specifics '
'unspecified)'},
'references': [{'source': 'ClassAction.org'}],
'regulatory_compliance': {'legal_actions': '$2.9 million class-action '
'settlement (preliminary approval '
'on August 21, 2025; final hearing '
'scheduled for January 7, 2026)'},
'response': {'communication_strategy': 'Notified affected individuals; public '
'disclosure via ClassAction.org',
'incident_response_plan_activated': 'Yes (investigation '
'conducted and affected '
'individuals notified)',
'remediation_measures': 'Steps taken to strengthen data security '
'(specifics unspecified)'},
'stakeholder_advisories': 'Notified affected individuals of potential '
'exposure',
'title': 'Communication Federal Credit Union Data Breach (December 2023 - '
'January 2024)',
'type': 'Data Breach'}