ALEXANDRIA, Va.–Approximately 60 credit unions in the U.S. have been hit with outages due to a ransomware attack on Ongoing Operations, a unit of St. Petersburg, Fla.-based Trellance.
NCUA has confirmed the attack and in a statement to the media said it is “coordinating with affected credit unions” in response.
One of the credit unions affected is the $52.5-million Mountain Valley FCU in Peru, N.Y.
In a statement on the CU's website, Mountain Valley FCU CEO Maggie Pope states, “As of today, MVFCU’s data processing system remains non-operational. Our data processor is working diligently around the clock to get them back online. Due to the number of credit unions across the country that have been affected by this, we are seeing a longer resolution time for when the system will be back up. We are hopeful that it will be soon.”
The credit union said the only services affected are online and mobile banking and that debit cards and other systems are functional.
Agency Received Incident Reports
NCUA Spokesperson Joe Adamoli said in a statement to a number of news outlets that NCUA had begun receiving incident reports from CUs that were sent a message from Ongoing Operations saying the company was hit with ransomware on Nov. 26.
Statement from Vendor
Meanwhile, Ashland, Ore.-based Ongoing Operations, which says on its website it is a “CUSO…that provides services that allow credit unions to operate without interruption, even when nothing else seems to be going well,” said in a statement to Recorded Future News, “Upon discovery, we took immediate action to address and investigate the incident, which included engaging third-party specialists to assist with determining the nature and scope of the event. We also notified federal law enforcement. At this time, our investigation is currently ongoing, and we will continue to provide updates as necessary. Please know that at this time, we have no evidence of any misuse of information, and we are providing notice in an abundance of caution to ensure awareness of this event.”
Adamoli said the agency is coordinating with the affected credit unions and reminded that all of the member accounts are insured by the NCUSIF.
NCUA said has also informed the U.S. Department of the Treasury, the Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Security Agency about the incident.
‘Downstream Effects’
According to Recorded Future News, the attack is having “larger downstream effects on other credit union technology providers," including on Fairfax, Va.-based FedComp, which offers data processing solutions.
Recorded Future News quoted a statement on the FedComp website that says, “the FedComp Data Center is experiencing technical difficulties and is under a country wide outage. We are down with no ETA, but Trellance is still working on resolving the issue. There is no email support, but the Tech line is available,” the statement said.
A CUToday.info review shows that statement is no longer posted on the website.
Issue One NCUA Has Been Highlighting
The outage comes as NCUA has been repeatedly warning credit unions of the threats posed by cyberattacks, with NCUA Chairman Todd Harper and other members of the board saying the threat is the one that “keeps me up at night.” Other NCUA board members have made similar statements.
The attack also highlights an issue Harper and the other board members have also raised, which is the lack of third-party vendor oversight by NCUA. The NCUA board has repeatedly requested that authority from Congress, including in Harper’s most recent appearances before the House and Senate.
NCUA officials often note it is the only federal financial regulator lacking such authority.
New Reporting Rules
As CUToday.info reported, in February NCUA approved its new cyber incident reporting rule, which requires credit unions to inform NCUA of any “reportable” incident within 72 hours.
The agency also issued a Letter to Credit Unions on the issue in August.
Your Best Holiday Shopping Offer is Here!
The biggest, best and freshest news reporting in credit unions remains free! Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more. So stop paying those bank-fee-like subscription prices from other so-called “news” publications!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?