Man in front of computer frustrated by ransomware attack Credit/Adobe Stock

Lack of information. Lack of communication. Lack of authority. On Thursday, NCUA Board Chairman Todd Harper did not hold back his feelings of frustration concerning the ransomware attack that has crippled approximately 60 credit unions around the country.

Not only did Harper provide a more detailed look at the impact of the ransomware attack on credit unions, he also gave details that reveal the attack may have started earlier than the organizations involved have reported.

According to Ongoing Operations, a unit of Trellance Cooperative Holdings, the ransomware attack began Nov. 26 and effectively shut down operations for approximately 60 credit unions. It appears the attack was aimed at Ongoing Operations, a credit union information technology organization acquired by credit union fintech Trellance in November of last year. The attack also targeted FedComp, a third-party vendor of Trellance.

While Ongoing Operations stated its "cybersecurity incident" began on Nov. 26, Chairman Harper said, "Since Nov. 24, the NCUA has been responding to system outages that are affecting member account availability at several credit unions nationwide."

Harper spoke publically for the first time about the ransomware attacks Thursday during his quarterly media availability with reporters. He said, "All the affected credit unions are small institutions with $100 million or less in assets. Based on our estimates, approximately $912 million in aggregate assets and 93,000 members are affected by the FedComp outage."

He added, "The NCUA has been in contact with affected institutions since last week and is working directly to help them get their systems and operations back online so members can access their funds. Additionally, the NCUA has been in contact with FedComp, the United States Treasury Department, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, as well as Congress as part of our incident response."

During his update, Harper took the opportunity to express the need for Congress to renew the NCUA's third-party authority.

"It has been more than 20 years since the NCUA had the necessary statutory authority to examine third party vendors for risks such as this one," said Harper.

Todd Harper Todd Harper

"As the result, the NCUA's ability to analyze and assess risks posed by third party vendors in the credit union system remain limited. And when incidents and outages like this one occur, the agency's lack of authority limits our ability to respond effectively and quickly, which negatively impacts credit unions and their members," he added. "In fact, the NCUA's response was delayed by several days due to a lack of direct information from the service providers. Even today, almost two weeks after the first incident report, the NCUA is still unable to determine the full extent of the ransomware attack and the resulting outages and disruptions to FedComp, Trellance and Ongoing Operations, as well as other secondary systems and vendors that utilize these systems to support credit unions."

According to a statement posted Thursday morning by one of the credit unions impacted by the ransomware attack, Peru, N.Y.-based Mountain Valley Federal Credit Union ($52.5 million in assets, 4,647 members), said its computer systems are up and fully operational. "However, home banking is still down. We are being told again that it should be up some time today."

Ongoing Operations posted an update Thursday. CU Times compared the organization's last update which was posted Dec. 2 to the Dec. 7 update and found only a few changes.

The most significant update was the removal of the following sentence from its Nov. 2 statement, which read: "Please know that currently, we have no evidence of any misuse of information, and we are providing notice in an abundance of caution to ensure awareness of this event." Instead, the organization's Dec. 7 statement added, "Ongoing Operations will assist impacted credit unions with member notification and will offer complimentary credit monitoring and identity restoration services to those who are impacted."

Ongoing Operations has said it is not taking media requests for interviews.

Harper and his staff have hope the ransomware attack might come to a resolution soon, but admit they don't know for sure.

"I think I can speak not only for myself, but also for staff and that we are all indeed frustrated," said Harper.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to asset-and-logo-licensing@alm.com. For more information visit Asset & Logo Licensing.

Michael Ogden

Editor-in-Chief at CU Times. To connect, email at mogden@cutimes.com. As Editor-in-Chief of CU Times since 2016, Michael Ogden has led the editorial team in all aspects of content strategy and execution, including the creation of the publication’s exclusive and proprietary research database of the credit union industry’s economic landscape. Under Michael’s leadership, CU Times has successfully shifted to an all-digital editorial product with new focuses on the payments, fraud, lending and regulatory beats. Most recently, he introduced a data-focused editorial product for subscribers that breaks down credit union issues into hard data, allowing for a deeper and more factual narrative for readers. In 2024, he launched the "Shared Accounts With CU Times" podcast, which offers a fresh, inside-the-newsroom perspective through interviews with leaders from the credit union industry and the regulatory world. He dives into pressing credit union issues, while revealing the personalities working behind-the-scenes to push the credit union world forward. His background includes years as a radio and TV anchor/reporter and a public relations and digital/social media manager, where he covered the food and music industries, as well as cooperatives and credit unions. Over the years, he has launched numerous exclusive video and podcast series, including a successful series of interactive backstage interviews with musicians at music festivals, showcasing his social media and live streaming production skills.