Cyber Incident Victim: Ariza Credit Union
Date:
Mar 2024
Location:
Grenada
Summary
Ariza Credit Union experienced a cyberattack causing significant service disruptions, prompting the institution to take all computerized systems offline as a precaution. This resulted in the unavailability of in-branch operations, ATMs, online banking platforms including AMIE, and point-of-sale services across all locations, though member deposits were assured to remain secure; restoration efforts are prioritized to resume normal operations swiftly, with apologies issued for any inconvenience caused.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 24, 2024, Ariza Credit Union in Grenada publicly disclosed a cyberattack that disrupted its computerized systems. The credit union issued a statement that same day confirming the incident and announcing an immediate precautionary shutdown of all systems until at least March 26. This outage affected all operational channels including in-branch banking systems, ATMs, online banking services (specifically referenced as AMIE), and Point of Sale terminals across all physical locations. The institution explicitly stated these services would remain completely unavailable both physically and online during the shutdown period. No technical details regarding the attack vector, intrusion method, or threat actor were disclosed in the public statement.
The credit union emphasized member deposit security assurances while prioritizing restoration efforts, though no specific timeline for full recovery was provided. Operational impacts included complete suspension of transactional capabilities and account access through all standard channels. Ariza Credit Union acknowledged the disruption's severity through a formal apology to members for incurred inconveniences. Restoration work commenced during the outage window, with public communications focusing exclusively on system recovery rather than forensic findings or data compromise details. The institution maintained operational silence regarding potential data exposure, attacker origins, or regulatory notifications beyond the confirmed service interruption timeframe.