MemberSource Credit Union Data Breach Lawsuit Investigation
Received a May 2026 breach notice from MemberSource Credit Union?
Dapeer Law, P.A. is investigating a potential class action against MemberSource Credit Union, a Houston, Texas member-owned financial cooperative, on behalf of members whose names, Social Security numbers, driver's license or state identification numbers, and financial account information may have been exposed in the June 2025 cyber incident affecting its branch computer networks.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from MemberSource Credit Union dated May 2026.
- Your letter offered enrollment in 12 months of free Cyberscout (a TransUnion company) single-bureau credit monitoring, credit reports, and credit scores.
- You had personal or financial information held by MemberSource Credit Union in its capacity as a member-owned financial cooperative.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
On June 3, 2025, MemberSource Credit Union ("MemberSource"), a Houston, Texas member-owned financial cooperative serving members since 1958 and headquartered at 10100 Richmond Avenue in Houston, detected a disruption in certain of its branch computer networks. The credit union states that it immediately engaged third-party cybersecurity specialists to investigate the event and restore operations, and that the resulting inquiry confirmed that data had been exfiltrated from the affected network. According to the public notice, MemberSource's core system, where member data is normally stored, is hosted outside of the compromised branch networks and was not impacted by the incident.
MemberSource completed its review of the extracted files in August 2025 and finished verifying member addresses on April 1, 2026. Member notification letters began going out on or around May 7, 2026, and the incident was reported to the California Attorney General on May 8, 2026, roughly 11 months after the disruption was discovered. The notice states that the affected unencrypted files contained members' names, Social Security numbers, driver's license or state identification numbers, and financial account information. MemberSource is offering 12 months of complimentary single-bureau credit monitoring, credit reports, and credit scores through Cyberscout, a TransUnion company, along with proactive fraud assistance for impacted individuals.
Because Social Security numbers, government-issued identification numbers, and financial account information can be used to open fraudulent credit accounts, file false tax returns, drain bank accounts, and commit other forms of identity theft, the categories of data reportedly involved in this incident raise heightened concerns for credit union members. Whether MemberSource's pre-breach security practices for its branch network environment met the standards expected of a federally insured financial institution, and whether the roughly 11-month notification delay caused additional harm to affected members, are among the issues being evaluated.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter contains the enrollment code for the free Cyberscout credit monitoring service and is important evidence if you decide to participate in a lawsuit.
Enroll in the free 12-month Cyberscout credit monitoring
Enroll in the Cyberscout (TransUnion) single-bureau credit monitoring, credit reports, and credit scores offered in your letter within 90 days of the date printed on the notice by visiting bfs.cyberscout.com/activate and entering the unique enrollment code included in the notice. Accepting this benefit does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide. Because Social Security numbers, driver's license or state identification numbers, and financial account information were reportedly involved, you should also place a fraud alert or security freeze on your credit file with all three major bureaus, contact MemberSource and any other financial institutions where you hold accounts to flag your accounts for unusual activity, watch for unfamiliar tax filings or unemployment claims under your Social Security number, and consider notifying your state's department of motor vehicles about the potential misuse of your driver's license number.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options under California, Texas, and other state breach-notification and consumer-protection laws, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, Social Security number-based identity theft, tax-refund fraud, driver's license fraud, unauthorized withdrawals or transfers from financial accounts, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring MemberSource Credit Union to implement stronger data security, network segmentation, and encryption practices going forward.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from MemberSource Credit Union. What should I do? +
Keep the letter, enroll in the free 12-month Cyberscout (TransUnion) single-bureau credit monitoring, credit reports, and credit scores within 90 days of the notice by visiting bfs.cyberscout.com/activate and entering the unique enrollment code included in the notice, place a fraud alert or security freeze on your credit file with all three major bureaus, contact MemberSource and any other financial institutions where you hold accounts to flag your accounts for unusual activity, watch for unfamiliar tax filings or unemployment claims under your Social Security number, and contact a data breach attorney for a free consultation. Accepting credit monitoring does not waive your right to sue.
Am I eligible to join a class action against MemberSource Credit Union? +
If you received a May 2026 data breach notice from MemberSource Credit Union, you are likely eligible for a free case evaluation. Eligibility depends on your state of residence, the categories of your data that were exposed, and any losses you have suffered. Dapeer Law will review your notice at no cost.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
MemberSource's notice states that the affected unencrypted files contained members' names, Social Security numbers, driver's license or state identification numbers, and financial account information. These categories of data can be used to open fraudulent credit accounts, file false tax returns, drain bank accounts, and commit other forms of identity theft. Your individual notice letter should confirm the specific data elements identified for you.
Did MemberSource Credit Union offer free credit monitoring? +
Yes. MemberSource is providing 12 months of complimentary single-bureau credit monitoring, credit reports, and credit scores through Cyberscout, a TransUnion company, along with proactive fraud assistance. The enrollment deadline is 90 days from receiving your letter. Enroll at bfs.cyberscout.com/activate using the unique enrollment code printed in your notice. Enrollment is separate from, and does not waive, your right to pursue a claim.
How many people were affected by the MemberSource Credit Union breach? +
The total number of affected members has not been publicly disclosed in the California Attorney General filing. This page will be updated as additional information becomes available.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
The notice is publicly available through the California Attorney General's data breach list (linked in Sources below). If you received a letter but no longer have it, Dapeer Law can assist you in obtaining a copy during your free consultation.
Sources & references
- Official breach notice filing · California Attorney General, MemberSource Credit Union Breach Notice (PDF)
- Company · MemberSource Credit Union (membersourcecu.org)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
