FAIRMONT – More than a dozen lawsuits have been filed against Fairmont Federal Credit Union for failing to protect “sensitive personally identifiable information” of consumers.
A dozen lawsuits have been filed in state court in Marion County, and three others have been filed in federal court. All 15 lawsuits have been filed in the last few weeks by a variety of local and national attorneys. The company recently sent out notices to more than 187,000 people about a data breach from nearly two years ago that may have leaked personal information.
The breach happened on Sept. 30, 2023, but wasn’t discovered until January of 2024. The notification was sent to account holders who may have been exposed, and it said people’s names and other personal identifiers were stolen by a hacker. The credit union also said it is not aware of any reports of identity fraud as a direct result of this breach.
“The data breach occurred in part because FFCU stored plaintiffs’ and class members’ private information in an unencrypted, Internet-accessible environment,” one of the complaints states. “After FFCU discovered the data breach on or about January 23, 2024, it conducted an investigation which concluded on August 17, 2025, ‘that one or more of the files accessed and/or acquired by the unauthorized party between September 30, 2023, and October 18, 2023, may contain personal information …’
“Despite learning about the breach on January 23, 2024, FFCU incredibly waited over a year and a half until September 11, 2025 to begin notifying impacted individuals of the unauthorized access.”
In addition to the release of the personal information, at least one of the plaintiffs says he has had money wired from his account following the data breach. Some also say they have had an increase in spam phone calls.
The complaints accuse Fairmont FCU of negligence, breach of implied contract, unjust enrichment and other claims.
The plaintiffs seek actual damages, compensatory damages, statutory damages, punitive damages, statutory penalties, equitable relief, credit monitoring, pre- and post-judgment interests, court costs, attorney fees and other relief.
“After an extensive investigation, we concluded on or about August 17, 2025, that one or more of the files accessed and/or acquired by the unauthorized party between September 30, 2023, and October 18, 2023, may contain personal information including, full name, date of birth, address, Social Security number, U.S. Alien registration number, passport number, driver’s license or state ID number, military ID number, Tax ID number, non-U.S. national identification number, financial account number, routing number, financial institution name, credit card/debit card number, security code/PIN number, credit card/debit card expiration date, IRS PIN number, treatment information/diagnosis, prescription information, provider name, MRN/patient ID, Medicare/Medicaid number, health insurance policy/subscriber number, other health insurance information, treatment cost information, full access credentials, security questions and answers, and digital signatures.” reads the data breach notification letter sent to the affected customers.
The exposed information varies for each individual, however in incident also exposed financial data such as card/debit card details. The credit union also has offered guidance, free credit reports and credit monitoring for those customers with exposed SSNs.
Those with questions about the data breach are asked to call 1-888-562-7091 from 9 a.m. to 9 p.m. Monday through Friday.
The list of the West Virginia attorneys who have filed the lawsuits includes Tim Bailey, Ryan Donovan, Troy Giatras, Hoyt Glazer, Christopher Pence, Christopher Pritt, Zak Ritchie, Rod Smith, Michael Stonestreet and Alex Urban.
