The Trellance hack threatens millions of credit union depositors.
About 60 credit unions have experienced outages due to a ransomware attack on a popular technology provider. Joseph Adamoli, a representative of the National Credit Union Administration (NCUA), said that the target of the attack was the cloud service provider Ongoing Operations, owned by the credit union technology firm Trellance.
Adamoli said that several credit unions received a message from Ongoing Operations that the company was attacked by a ransomware program on November 26. In response, Ongoing Operations immediately took action, including hiring specialists to determine the extent of the incident and alert federal law enforcement agencies.
According to Adamoli, approximately 60 credit unions are currently experiencing some problems due to this attack. He added that members ' deposits in affected credit unions are insured by the Credit Union Share Insurance Fund for up to $ 250,000.
Adamoli also said that they have informed the US Treasury Department, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Agency. Trellance did not respond to requests for comment.
The attack also had a major impact on other credit union technology providers, including FedComp, a company that provides data processing services for credit unions.
One of the affected credit unions, Mountain Valley Federal Credit Union (MVFCU), issued an announcement warning customers of significant outages. MVFCU CEO Maggie Pope said that their data processor, FedComp, informed them about the Trellance attack, but customer data was not affected. MVFCU plans to cover all charges related to the incident.
The NCUA warned in August of an increase in cyber attacks on credit unions, their service organizations and other third parties providing financial services.
NCUA Chairman Todd Harper said the agency's ability to analyze the entire credit union system is limited by its lack of direct oversight authority over service providers. He added that more than 60% of cyber incidents reported by the NCUA involve third parties and credit union service organizations, highlighting the risks associated with this "growing regulatory blind spot."
About 60 credit unions have experienced outages due to a ransomware attack on a popular technology provider. Joseph Adamoli, a representative of the National Credit Union Administration (NCUA), said that the target of the attack was the cloud service provider Ongoing Operations, owned by the credit union technology firm Trellance.
Adamoli said that several credit unions received a message from Ongoing Operations that the company was attacked by a ransomware program on November 26. In response, Ongoing Operations immediately took action, including hiring specialists to determine the extent of the incident and alert federal law enforcement agencies.
According to Adamoli, approximately 60 credit unions are currently experiencing some problems due to this attack. He added that members ' deposits in affected credit unions are insured by the Credit Union Share Insurance Fund for up to $ 250,000.
Adamoli also said that they have informed the US Treasury Department, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Agency. Trellance did not respond to requests for comment.
The attack also had a major impact on other credit union technology providers, including FedComp, a company that provides data processing services for credit unions.
One of the affected credit unions, Mountain Valley Federal Credit Union (MVFCU), issued an announcement warning customers of significant outages. MVFCU CEO Maggie Pope said that their data processor, FedComp, informed them about the Trellance attack, but customer data was not affected. MVFCU plans to cover all charges related to the incident.
The NCUA warned in August of an increase in cyber attacks on credit unions, their service organizations and other third parties providing financial services.
NCUA Chairman Todd Harper said the agency's ability to analyze the entire credit union system is limited by its lack of direct oversight authority over service providers. He added that more than 60% of cyber incidents reported by the NCUA involve third parties and credit union service organizations, highlighting the risks associated with this "growing regulatory blind spot."
