Cyber Incident Victim: Credit Union National Association
Date:
Feb 2020
Location:
United States of America
Summary
The Credit Union National Association experienced a cyber incident involving suspected ransomware that disrupted its operations and forced systems offline. The organization, representing U.S. credit unions, confirmed the event as a business disruption but did not verify ransomware as the cause, noting it did not store sensitive member data like Social Security or credit card numbers. Preliminary investigations found no evidence that accessible information—including names, business addresses, or emails—had been compromised. Recovery efforts were underway to restore systems while the inquiry continued, following a recent ransomware simulation exercise hosted by the association to bolster industry defenses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Credit Union National Association (CUNA), a Washington, DC-based trade association and lobbying group for U.S. credit unions, experienced a significant cyber incident on February 3, 2020, that forced its systems offline. The disruption began on Monday when CUNA's operations were halted due to what an unauthorized source described as a ransomware attack, though the organization did not publicly confirm this attribution. CUNA's spokesperson, Vicky Christner, acknowledged the event as a "cyber incident" and "business disruption issue" but declined to specify the cause. The organization's website displayed a banner citing "technical issues" as the reason for the outage, with restoration efforts underway and a goal to resume operations "soon." CUNA emphasized that its systems did not store sensitive member data such as Social Security numbers or credit card information, and its initial investigation found no evidence that accessible data—including names, business addresses, and email addresses—had been compromised.
The incident caused extended operational downtime, mirroring recent ransomware attacks on companies like Aebi Schmidt, Pitney Bowes, and Arizona Beverages, which experienced multi-day outages. CUNA's response included launching an ongoing investigation to assess the scope and impact of the breach while working to restore systems. Notably, the association had conducted a simulated ransomware attack exercise months prior to the incident, aimed at preparing credit unions for such threats. Despite this proactive measure, CUNA's infrastructure—reportedly reliant on Microsoft software, a common ransomware target—succumbed to the attack. The organization maintained public communication through limited statements but did not disclose technical details about the intrusion vector, ransomware variant, or recovery timeline. Business continuity efforts focused on mitigating disruption to its advocacy and trade services while the investigation continued without conclusive evidence of data exfiltration or theft.