Appalachian Community Federal Credit Union has notified 30,797 people about an October 2025 data breach, according to a new disclosure from the Indiana state attorney general.
The breach compromised names, Social Security numbers and financial account info.
A ransomware gang called Qilin took credit for the breach shortly after it occurred, saying it stole 75 GB of data.
ACFCU has not verified Qilin’s claim. We do not know if ACFCU paid a ransom, how much Qilin demanded, or how attackers breached the credit union’s network. Comparitech contacted ACFCU for comment and will update this article if it replies.
“On October 7, 2025, we learned of a disruption to our computer systems,” says ACFCU’s notice (PDF) to victims. “As part of our investigation, we confirmed on October 10, 2025, that data was taken from our network.”
ACFCU is offering eligible victims free credit monitoring through TransUnion. The deadline to enroll is 90 days from the date on the notice letter.
Who is Qilin?
Qilin is a ransomware gang that began taking credit for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin was the most active ransomware group in 2025, when it claimed responsibility for more than 1,000 attacks. 173 of those attacks claims were corroborated by the targeted organizations, which notified more than 3.5 million people in total.
ACFCU is not the first bank hacked by Qilin. Last year, it took credit for 33 breaches at US financial institutions. Most of those stemmed from a single attack on a vendor used by multiple South Korean banks.
Qilin’s other confirmed attack claims on finance companies include:
- Lawyer’s Mutual Insurance Company notified 6,747 people of a May 2025 data breach
- Microf notified 38,650 people of a June 2025 data breach
In 2026 to date, Qilin has claimed responsibility for 41 attacks, none of which have been confirmed yet.
Ransomware attacks on US finance
Comparitech researchers logged 51 confirmed ransomware attacks on US banks and other financial institutions in 2025. Those attacks compromised the data of almost 765,000 people.
Three more companies have started notifying victims of data breaches this year, including:
- First federal Savings & Loan Association of Pascagoula Moss Point notified 2,334 Texans of a February 2025 data breach claimed by Play Ransomware
- Money Mart reported a November 2025 data breach claimed by Everest
- Jeffrey W. Krol & Associates notified 3,067 people of a November 2025 data breach claimed by Sinobi
Ransomware attacks on US banks can lock down computer systems and steal data. The attackers then demand a ransom in exchange for deleting the data and a key to restore infected systems. If the bank refuses, it faces extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Appalachian Community Federal Credit Union
Based in Kingsport, TN, ACFCU is a credit union consisting of six branches: five in Tennessee and one in Norton, VA. It manages $170 million in assets as of the latest annual report posted on ACFCU’s website.
