After identifying unusual activity affecting its website on Wednesday, July 12, COFCU's IT team and cybersecurity experts acted immediately to protect member data and assets.

Orenstein said bad actors registered false violations with the credit union's antivirus software companies.

"That caused our antivirus software companies to put a mark on our site. And then eventually our domain name server vendor took our site down," he said. "The bad guys did not take our site down, but they caused us to take it down." That happened at 5 p.m. last Friday.

"On Sunday, we finally received confirmation that bad actors had caused our domain name server vendor to lock our domain. We informed the membership of these bad actors on Monday," Orenstein said during a live social media Q&A late Wednesday afternoon. "I am pleased to report that we expect to be back online tonight. This is a workaround that we were able to establish once our domain was unlocked just two hours ago. We continue to run security checks before we go live."

The credit union determined that the bad actors took advantage of a vulnerability within its domain.

"This vulnerability allowed the bad actors to spoof email on our behalf," he said. "The internet governing bodies got reports of this and flagged us as malicious and spamming and had our domain shut down until a time we fixed this issue. As of today, we have certified with the registrar that this has been resolved."

What complicated this crisis was that the bad actors posted a fake COFCU website that some credit union members found after doing a web search. Orenstein estimated some 200 members keyed in their user name and passcode, which he believes the fraudsters were planning to use once the credit union site came back online.

Orenstein said he believes the phony website has been taken down, but he doesn't know whether other bogus sites are out there.

"Members are reminded to be vigilant about not entering their online banking credentials into fraudulent websites," the credit union warned members. "If you provided personal information to any website that appears to have been charteroak.org over the weekend, please contact the credit union so we can assist you in changing your password and in making sure your account remains safe."

Orenstein said the credit union hired a third-party forensic investigatory team and is sparing no expense to keep member accounts safe and secure and to get COFCU's banking service up and running.

He indicated what took more time to complete were the credit union's "extreme security protocols" to ensure member accounts were secure and that this type of incident does not repeat itself.

While the situation has created a substantial inconvenience for members, Orenstein said members were able to do their banking at the 15 branches and/or call or send an email to COFCU's contact center. The credit union's ATMs, credit and debit cards are working.

All recurring bill payments will go out as scheduled but members can make a unique or one-time bill payment by calling the contact center.

The credit union will refund members who have experienced fees or charges caused by the online disruption.

Orenstein, who publicly apologized for the online/mobile banking disruption, said most credit union members have been understanding and loyal. However, some members have expressed their anger on social media sites.

"We're not seeing any unusual outflow of deposits or anything like that," he said. "Our members are loyal and understanding. We have a great relationship with our members. The community's being supportive, the members are being supportive, and our employees are being amazing and working long hours."