Disorder in the financial industry: Trellance targeted by a cyberattack.


Reaction score
The security breach at Trellance poses a threat to the deposits of millions of credit union members.

Around 60 credit unions have faced disruptions following a ransomware attack on a prominent technology service provider. Joseph Adamoli, a spokesperson for the National Credit Union Administration (NCUA), revealed that the primary target of this attack was Ongoing Operations, a cloud service provider owned by Trellance, a credit union technology firm.

Adamoli disclosed that Ongoing Operations notified several credit unions about the ransomware incident on November 26. In response, Ongoing Operations promptly took measures, engaging specialists to assess the extent of the breach and alerting federal law enforcement agencies.

Approximately 60 credit unions are currently grappling with issues resulting from this attack, as stated by Adamoli. He reassured that deposits of members in the affected credit unions are insured up to $250,000 by the Credit Union Share Insurance Fund.

Adamoli further informed that the US Treasury Department, the Federal Bureau of Investigation, and the Cybersecurity and Infrastructure Agency have been notified. Despite attempts to obtain comments, Trellance did not respond.

The repercussions of the attack also affected other credit union technology providers, including FedComp, which offers data processing services for credit unions.

Mountain Valley Federal Credit Union (MVFCU), one of the affected credit unions, cautioned customers about significant disruptions. CEO Maggie Pope of MVFCU mentioned that their data processor, FedComp, alerted them about the Trellance attack, assuring customers that their data remained unaffected. MVFCU plans to cover all expenses related to the incident.

The NCUA had previously warned of an uptick in cyber attacks on credit unions and their service providers. Todd Harper, NCUA Chairman, expressed concerns about the agency's limited ability to oversee service providers directly, emphasizing the significant risk associated with this "growing regulatory blind spot," as over 60% of reported cyber incidents involve third parties and credit union service organizations.