The Pentagon Federal Credit Union says a laptop infected with malware has left the personal and financial information of some members exposed.
In a letter to the New Hampshire Attorney General office - first published by Softpedia - PenFed's lawyers reveal that the credit union discovered in mid-December that the laptop had been infected.
The malware permitted access to a database containing names, addresses, social security numbers, account numbers and credit and debit card numbers of PenFed members, joint owners, ex-members, staff and beneficiaries.
Around 514 New Hampshire residents are affected by the breach but the credit union says it has no evidence that the information has been misused so far.
The unauthorised code has been removed and PenFed has "identified the means by which the information was accessed and has taken appropriate steps to prevent this from recurring," says the letter.
Meanwhile, affected members are being written to with the offer of two years of free access to the Kroll ID TheftSmart service.