Failed installation of a security patch may have led to the cyber incident affecting 60 credit unions.
12/08/2023 2:10 P.M.
2.5 minute read
A ransomware attack on a credit union IT provider has disrupted banking functions at approximately 60 credit unions.
National Credit Union Administration (NCUA) spokesperson Joseph Adamoli told CNN that the ransomware attack, in which criminals lock a company’s data or computer system as an extortion tactic, affected a unit of Trellance, a cloud computing firm provider used by credit unions.
Trellance-owned Ongoing Operations was hit with the ransomware attack on Nov. 26. The company said in a press release that after becoming aware of the “isolated cyber security incident,” it engaged with third-party specialists to determine the nature and scope of the breach, and also notified federal law enforcement.
The Credit Union Times reported on Dec. 4 that many of the affected credit unions remain “non-operational,” including the Peru, N.Y.-based Mountain Valley Federal Credit Union, which told members on Monday that its data processor was still working to restore service.
The incident may have been preventable. A post from cybersecurity researcher Kevin Beaumont claims that the issues had to do with Citrix Bleed, a software vulnerability being linked in an increasing number of cyber attacks.
Beaumont claims criminals attacked two of Ongoing Operations’ servers that hadn’t been patched since this summer, even though Citrix released a patch for the vulnerability in early October. Ongoing Operations has not officially confirmed that this was the cause.
Attackers have been exploiting the Citrix Bleed for months. The NCUA warned in August that it was seeing an increase in cyberattacks against credit unions and other third-party vendors supplying financial services products.
Protect Your Business
“This is a great example of being victimized through another business who was attacked,” said Jonathan Goldberger, senior vice president of security practice & strategic sales at TPx. “This is called a supply chain attack, and it is a significant risk for organizations.”
Goldberger noted that the GLBA Safeguards Rule, which most ACA International members need to comply with, has a requirement to review service provider security annually and even incorporate a standard of security into contracts. This includes periodically assessing your service providers based on the risk they present to confirm their safeguards are adequate.
“The complexities of IT, cybersecurity and compliance are overwhelming,” Goldberger said. “Don’t go it alone. Work with a partner to review, architect and protect your business from attackers, partners, employees and ultimately, system outage/revenue lost.”
Access ACA’s Safeguards Rule Resource Center here for compliance resources and ACA’s education as well as information from TPx, ACA’s Safeguards security partner of choice. Webinar recordings related to the Safeguards Rule are available at ACA’s Store by selecting the Safeguards Rule topic.
It’s critical to ensure your cyber liability insurance is current, and coverage is easy and affordable for ACA members. Collectors Insurance Agency (CIA), a subsidiary of ACA, provides members exclusive access to risk management products and services tailored to each members’ specific needs. Cyber insurance is an ever-changing market and with the help of CIA’s partners Aon and Axis, they are helping members obtain the coverage they need to meet today’s and tomorrow’s challenges.
Remember, subscribe to ACA Daily and Member Alerts under your My ACA profile when logged in to acainternational.org to receive updates on the ACA Huddle.