ROMEOVILLE, Ill. — The $380-million Abri Credit Union here has disclosed a major data breach that exposed sensitive personal information of its members, according to reporting by Credit Claim Depot and a disclosure filed with the Massachusetts Attorney General.
Abri said on Dec. 1, 2025, that its systems had experienced unauthorized access. The breach stemmed from malicious activity on its network between May 3 and May 4, 2024, but was not detected until more than a year later during a forensic review involving external cybersecurity experts.
During that window of compromise, the unauthorized actor accessed and potentially acquired a range of personally identifiable information, including full names, Social Security numbers, driver’s license numbers, credit and debit card numbers, and other financial account data. At least 463 Massachusetts residents were confirmed affected; the total number of impacted members nationwide is expected to be significantly higher.
The delayed discovery of the incident — more than a year after the unauthorized access occurred — raises heightened concerns about the potential misuse of the sensitive data for identity theft, financial fraud and other malicious activities. Abri has not publicly detailed how the attacker gained initial access, Claim Depot said.