Credit/AdobeStock
A ransomware attack that began Nov. 26, impacting dozens of credit unions across the country, continues to hamper the operations of many credit unions that are clients of Ongoing Operations, a unit of Trellance Cooperative Holdings.
While the scope of the ransomware attack or who conducted the attack isn't fully known, it appears the attack was aimed at Ongoing Operations, a credit union information technology organization acquired by credit union fintech Trellance in November 2022, and FedComp, a third-party vendor of Trellance.
In a blog post by Kevin Beaumont, a cybersecurity expert, he explained, "A ransomware group gained entry to Trellance via Ongoing Operations." And the FedComp "platform was not patched for CitrixBleed, as no Netscaler patches had been applied" since May of this year. Beaumont added, "This is disrupting operations in a way which impacts millions of Americans."
In a statement to CU Times Monday, NCUA spokesperson Joe Adamoli said, "The NCUA continues to work with the approximately 60 credit unions that experienced system outages affecting member account availability due to a ransomware attack at a third-party service provider. Although not fully operational, many of these credit unions have alternative services in place that allow members to access their funds. Credit union member deposits at the affected federally insured credit unions remain insured by the National Credit Union Share Insurance Fund up to $250,000."
One of the credit unions impacted by the ransomware outage was the Peru, N.Y.-based Mountain Valley Federal Credit Union ($52.5 million in assets, 4,647 members). A statement posted Monday morning by the credit union's CEO Maggie F. Pope and its board of directors provided a somber update.
"As of today, MVFCU's data processing system remains non-operational. Our data processor is making progress," the statement read. "Due to the number of credit unions affected and the volume of work completed in the past couple of days, it will take a little more time to launch our online banking platform. Just a reminder that you may still use your debit cards, get cash at ATMs or at any of our four branches (Peru, AuSable Forks, Keeseville, Wilmington). Please call one of our branches should you need additional help."
The statement continued: "Please bear with us just a little longer as we work diligently to get you all connected to your financial information. Again, we are truly sorry for this inconvenience and are hopeful that this situation will be resolved very soon. We do appreciate your patience, support and understanding as we get through this."
Officials with Ongoing Operations have not given a status update on the ransomware attack since Saturday, Dec. 2. In that statement, Ongoing Operations said it "experienced an isolated cybersecurity incident" on Nov. 26.
"This incident is isolated to a segment of the Ongoing Operations network and our team is diligently working around the clock to minimize service interruptions wherever possible and to ensure the safety of information stored on our systems," the statement read. Ongoing Operations said it had notified federal law enforcement.
Trellance has not released a statement, but its website links to the statement from Ongoing Operations.
This ransomware attack provides NCUA Chairman Todd Harper another example to bolster his ongoing push for the agency to receive third-party vendor authority. Three weeks ago Harper testified before the House and Senate Banking Committees asking for their help to update the Federal Credit Union Act to give the NCUA that authority.
During his Senate testimony, Harper warned lawmakers that due to "increased industry concentration, intensifying cyber threats and greater outsourcing of core business functions, the Government Accountability Office, the Financial Stability Oversight Council and the NCUA's Inspector General have all recommended congressional action to restore the NCUA's statutory examination authority over third-party vendors."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Michael Ogden
Editor-in-Chief at CU Times. To connect, email at [email protected]. As Editor-in-Chief of CU Times since 2016, Michael Ogden has led the editorial team in all aspects of content strategy and execution, including the creation of the publication’s exclusive and proprietary research database of the credit union industry’s economic landscape. Under Michael’s leadership, CU Times has successfully shifted to an all-digital editorial product with new focuses on the payments, fraud, lending and regulatory beats. Most recently, he introduced a data-focused editorial product for subscribers that breaks down credit union issues into hard data, allowing for a deeper and more factual narrative for readers. In 2024, he launched the "Shared Accounts With CU Times" podcast, which offers a fresh, inside-the-newsroom perspective through interviews with leaders from the credit union industry and the regulatory world. He dives into pressing credit union issues, while revealing the personalities working behind-the-scenes to push the credit union world forward. His background includes years as a radio and TV anchor/reporter and a public relations and digital/social media manager, where he covered the food and music industries, as well as cooperatives and credit unions. Over the years, he has launched numerous exclusive video and podcast series, including a successful series of interactive backstage interviews with musicians at music festivals, showcasing his social media and live streaming production skills.
