According to the National Credit Union Administration, a ransomware attack at a cloud IT provider has caused disruptions for approximately 60 credit unions in the US. The affected credit unions were relying on the attacked vendor for their services. The NCUA is working with the impacted credit unions to address the situation, as they regulate and insure these financial organizations. The NCUA spokesperson confirmed the outage and assured that member deposits at the affected federally insured credit unions are insured by the National Credit Union Share Insurance Fund up to $250,000.
The cloud provider Ongoing Operations, owned by Trellance, was hit by ransomware, leading to disruptions for their clients. It is believed that the security breach occurred through the Citrix Bleed vulnerability. One of the impacted credit unions, Mountain Valley Federal Credit Union, reported “system downtime” as a result of the ransomware attack at Ongoing Operations. The credit union’s CEO described it as a “nationwide” issue.
Trellance and FedComp, the data processor for Mountain Valley, have been working to resolve the issue, with plans to move to a new server system. Trellance indicated that the member information of the affected credit unions was not compromised. The NCUA has informed the US Treasury Department, CISA, and the FBI about the cyber-break-in.