top of page

Supply-Chain Ransomware Takes Down Takes Down Over 60 Credit Unions

Ransomware operators took down 60 credit unions across the US after hacking their services provider – a classic supply chain attack.

National Credit Union Administration (NCUA) spokesperson Joseph Adamoli said the ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.

Adamoli said the NCUA, which regulates credit unions at the federal level, received incident reports indicating that several credit unions were sent a message from Ongoing Operations saying the company was hit with ransomware on November 26.

“On November 26, 2023, we were victimized by a sophisticated ransomware attack,” the company told its customers in a letter.
“Upon discovery, we took immediate action to address and investigate the incident, which included engaging third-party specialists to assist with determining the nature and scope of the event. We also notified federal law enforcement.”
“At this time, our investigation is currently ongoing, and we will continue to provide updates as necessary,” the statement continues. “Please know that at this time, we have no evidence of any misuse of information, and we are providing notice in an abundance of caution to ensure awareness of this event.”

Credit unions across the US – many of which are experiencing ongoing downtime days after the attack – are notifying their clients and partners of the incident.

It's important to underline that it was not the credit unions themselves that fell victim to a ransomware attack. This was a supply-chain attack targeted at a company that provides services to many credit unions.