How credit unions are affected by ransomware attacks

• Ransomware attacks infiltrated credit unions through a supply-chain attack, impacting multiple institutions and third-party vendors.
• Ransomware attack on Ongoing Operations, a cloud services provider for credit unions, led to disruptions in services for approximately 60 institutions.
• Credit unions could mitigate ransomware risk through robust cybersecurity investments, employee training, and incident response plans.

Credit unions face escalating cybersecurity threats as ransomware attacks target both institutions and their service providers. Recent incidents underscore the urgent need for robust cybersecurity measures and proactive risk mitigation strategies tailored to the financial sector’s unique challenges.

Credit unions under ransomware attacks

In May 2023, a significant cyber incident unfolded as the CI0p ransomware group infiltrated a minimum of 18 credit unions, possibly more, through a supply-chain attack exploiting a vulnerability within the MOVEit file transfer tool. This attack also impacted third-party vendors serving the credit union sector, including CU Answers and Sovos, amplifying the repercussions for credit unions and their members. Subsequently, numerous lawsuits were filed by credit union members whose personal data was compromised in the breach, targeting both their own credit unions and Progressive Software, the owner of MOVEit, in response to the security breach.

In November 2023, approximately 60 credit unions are facing disruptions following a ransomware attack on a technology provider. The attack targeted Ongoing Operations, a cloud services provider owned by Trellance, a credit union technology firm. The National Credit Union Administration (NCUA) confirmed the incident, with affected credit unions receiving notifications from Ongoing Operations about the attack. The attack has also impacted other credit union technology providers like FedComp, causing country-wide outages. Mountain Valley Federal Credit Union (MVFCU) is among the affected institutions, with plans to cover associated fees and migrate to a new server system as part of the recovery process.

Recently, Jeremiah Fowler’s report, featured in Website Planet, unveils the discovery of a database containing over three million records from US-based credit unions, totaling approximately 13 GB. While the database did not contain confidential Personally Identifiable Information (PII), it housed extensive contact details, communications, and other relevant data of board members and leadership from numerous credit unions. The database appeared to be associated with a Customer Relationship Management (CRM) system linked to CU Solutions Group (CUSG).

Also read: FBI Alerts on Escalating Threat of Dual Ransomware Attacks

What credit unions were affected by ransomware attack?

The US Federal Credit Union, offering various financial services, was listed on Medusa’s dark web leak site, with the threat group alleging unauthorised access and data theft. Potentially compromised information includes names, dates of birth, ID numbers, passport details, driver’s licenses, email addresses, and bank account numbers. Although the credit union experienced technical difficulties in late February, it is unclear if this incident is linked to Medusa’s access. As of now, the credit union has not issued a statement regarding the breach, and it remains uncertain if ransom negotiations have commenced.

Bayer Heritage Federal Credit Union is facing a class action lawsuit over a data breach last fall, allegedly compromising sensitive personal and medical information of over 61,000 individuals. The lawsuit claims the breach occurred due to the credit union’s negligent storage of data, leaving it vulnerable to cyberattacks. Despite discovering the breach in October 2023, Bayer Heritage reportedly waited until January 2024 to notify victims, failing to disclose the root cause or preventative measures.

Vantage Point Federal Credit Union (VPFCU) in Hopewell experienced a ransomware attack, causing disruptions for customers who couldn’t access their accounts or use debit cards. The issue stemmed from an attack on Trellance, the credit union’s data processor’s company. The National Credit Union Administration (NCUA) confirmed that around 60 credit unions, including VPFCU, were affected, with assets of $100 million or less.

Also read: Fingerprint and Oscilar bring frictionless fraud prevention to fintech

Mitigating the risk

To mitigate the risk of ransomware attacks, credit unions must prioritise investment in robust cybersecurity measures tailored to their specific needs and operational requirements. This includes implementing multi-layered security defences, conducting regular vulnerability assessments, and fortifying network infrastructure against emerging threats.

Educating employees about cybersecurity best practices is paramount in thwarting ransomware attacks. Credit unions should provide comprehensive training programmes to staff, equipping them with the knowledge and skills needed to identify and respond to potential threats effectively. Promoting a culture of cybersecurity awareness and vigilance among employees can help mitigate the risk of inadvertent data breaches and minimise the impact of ransomware incidents.

Preparing for the eventuality of a ransomware attack is essential for credit unions to minimise the disruption and mitigate the consequences effectively. Developing comprehensive incident response plans, including protocols for threat detection, containment, and recovery, enables credit unions to respond swiftly and decisively in the event of a cyber breach. Regular testing and refinement of incident response procedures ensure readiness to address ransomware threats proactively and safeguard member data.