Posted on 12/02/2023 2:40:23 AM PST by EBH
About 60 credit unions in the US are experiencing outages because of a ransomware attack on an IT provider the credit unions use, a federal agency said Friday.
The National Credit Union Administration (NCUA), the agency that insures deposits at federally insured credit unions, said in a statement to CNN that it was “coordinating with affected credit unions” in the wake of the hack.
The full extent of the outage and its impact on credit unions was unclear Friday evening. One of the affected credit unions, New York-based Mountain Valley Federal Credit Union, said that technicians from the hacked IT provider were “working around the clock to get our systems” back online.
(Excerpt) Read more at cnn.com ...
The NCUA warned in August that it was seeing an increase in cyberattacks against credit unions, credit union service organizations (CUSO), and other third-party vendors supplying financial services products.
Multiple credit unions were affected by the cyberattack on the MOVEit file transfer software earlier this year and dozens of organizations have filed data breach reports with regulators in Maine over the last three years.
The RansomHouse extortion group added Jefferson Credit Union to its list of victims in 2022 and Envision Credit Union announced a cyberattack last year involving the LockBit ransomware group. Ardent Credit Union also faced an incident in 2020.
In February, the NCUA approved new rules that require a federally insured credit union to notify the NCUA within 72 hours of a cyberattack. The rule came into effect on September 1.
NCUA Chairman Todd Harper said in October that in the first 30 days after the rule went into effect, the NCUA received 146 incident reports — a number the organization previously only saw in an entire year.
He lauded the proactive efforts that credit unions are taking to reach out to government agencies for cybersecurity help but noted that his organization’s ability to analyze the “entire credit union system remains limited.”
“That’s because CUSOs and credit union third-party service providers do not have the same level of oversight as bank vendors, as the NCUA lacks the statutory authority to directly examine or supervise these entities,” he said.
“Stakeholders must understand that the risks resulting from the NCUA’s lack of vendor authority are real, expanding, and impact all of us.”
He added that more than 60 percent of the cyber incidents reported to the NCUA involve third-party service providers and CUSOs.
“Until this growing regulatory blind spot is closed, thousands of federally insured credit unions, tens of millions of consumers who use credit unions, and trillions in assets are exposed to high levels of risk,” he said.
https://therecord.media/credit-unions-facing-outages-due-to-ransomware
It’s worthwhile to note that most CUs rely on third parties for IT services and support. In this case, the IT provider for these CUs was impacted, not the CUs themselves.
FISERV again? They have had their databases broken into and stolen a couple of times causing hardships for their clients.
Oh wow that’s what happened yesterday. I use Bethpage credit union and their site was down all day as well as the system at their branch.
And what was the Biden occuaption pushing last week? Oh yes, the elimination of cash.
Ransomware attack on “Ongoing Operations”, a subsidiary of Trellance.
https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/
Lots of small businesses in the Credit Union IT space.
One of our local hospital systems suffered such and attack several months ago - caused a lot of chaos among patients and staff....they ought to use the CIA for something useful - go after and eliminate these turds...
Correct. I have a client who works as a ‘hacker’ as he says probing for such vulnerabilities. He ended up with a working vacation at that time.
I just do not see how they are going to be able to market a digital currency or fully digital banking. It is clearly not more secure by any measurement.
Nah, they're too busy dressing up as - or actually being - antifa and trying to carry out a color revolution in the U.S.
I use a relatively small CU here in Virginia.
Their site was down yesterday and is still down today.
The government in general and the CIA in particular has zero interest in serving citizens in this way. They could also easily curb scam and spam callers, but again evidently care zero about doing so. So they go after Trump supporters.
A hospital system I use was hacked on Thanksgiving and is still down, total chaos.
Not to worry - we were told that “the FBI is on it” (how worthless are they these days - their only accomplishments are to aid and abet the bad guys) ...took ours a couple weeks to get up internally and a month to restore patient portals.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.