Call +1 (979) 282-5845
Back to news
Cybersecurity Alert
May 25, 2026 by EmailMeNow IT Consulting

MemberSource Credit Union Data Breach Exposes Unencrypted Data of Over 22,000 Texans

MemberSource Credit Union has notified 22,308 Texans of a data breach involving names, Social Security numbers, driver’s license numbers, and financial account information. An independent audit shows the credit union’s email security has significant gaps.

Source: CU Times

Data BreachCredit UnionRansomwareTexasCybersecurityUnencrypted Data
Illustration of data breach affecting credit union members and financial information

MemberSource Credit Union, a Houston-based credit union with multiple branches in Texas, has disclosed a data breach affecting 22,308 Texans.

The breach occurred on June 3, 2025, when unauthorized actors gained access to the credit union’s network and exfiltrated sensitive member data. The SafePay ransomware group later claimed responsibility for the attack.

What Data Was Exposed?

The following unencrypted data was accessed and stolen:

  • Names
  • Social Security numbers
  • Driver’s license or state identification numbers
  • Financial account information

Because the data was stored in unencrypted form, it was immediately usable by the attackers.

Delayed Notification

Although the incident occurred in June 2025, MemberSource did not begin notifying affected members until May 7, 2026 — nearly 11 months later. Notification letters were mailed after a lengthy review process to identify all impacted individuals.

The breach has been reported to the Texas Attorney General and is listed in the state’s official Data Security Breach Reports.

Independent Email Security Audit

An independent audit of membersourcecu.org reveals notable gaps in the credit union’s email security posture:

Audit Link: https://audit.emailmenow.com/?domain=membersourcecu.org

These weaknesses likely made it easier for threat actors to conduct phishing and social engineering attacks, increasing the risk to members and the organization.

Why This Breach Matters

This incident highlights several important issues for Texas organizations:

  • Storing sensitive personal and financial data in unencrypted form significantly increases risk.
  • Long delays between breach discovery and member notification can worsen harm to affected individuals.
  • Weak email security controls make organizations more vulnerable to impersonation and phishing campaigns.

Recommendations for Organizations

  • Regularly audit your email security (SPF, DKIM, DMARC) and overall domain posture.
  • Ensure sensitive data is properly encrypted both at rest and in transit.
  • Develop and test a formal incident response plan, including timely notification procedures.
  • Consider ongoing security awareness training to reduce the risk of successful social engineering attacks.

Protect your organization and clients.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com to evaluate your email security, encryption readiness, and overall compliance posture.

Contact EmailMeNow IT Consulting for help with security assessments, incident response planning, and email security hardening.

Source: MemberSource CU Breach Exposes Unencrypted Data of 22,000 Persons – CU Times