Ransomware suspected after CUNA, a credit union lobbyist, knocked offline

The Credit Union National Association, a major lobbyist and trade association for credit unions, is recovering after its systems were knocked offline earlier this week following a “cyber incident.”

CUNA, headquartered in Washington, DC, represents state and federally chartered credit unions across the U.S., and provides lobbying, advocacy and other trade association services.

But its systems were knocked offline Monday as a result of ransomware, according to a source familiar with the incident who was not authorized to talk to the press. The type of ransomware used is not immediately known, but CUNA is understood to predominantly run Microsoft software, which is frequently a target of ransomware.

A banner on the organization’s website described the outage only as “technical issues” with its systems.

Vicky Christner, a spokesperson for CUNA, would not confirm ransomware was the cause of the outage but said the organization was “addressing a cyber incident,” describing it as a “business disruption issue.”

“CUNA does not store Social Security numbers or credit card numbers of our members,” said Christner. “Based on our investigation to date, we have no evidence to suggest that any data in our system — such as names, businesses addresses and email addresses — have been accessed.”

“Our investigation remains ongoing,” said Christner.

The incident comes just months after CUNA hosted a simulated ransomware attack, aimed at helping credit unions defend against ransomware.

CUNA becomes the latest organization to be hit by ransomware in recent months. Last year, aluminum manufacturer Aebi Schmidt, postage and shipping company Pitney Bowes and drinks maker Arizona Beverages were all hit by ransomware, each knocking their systems offline for days.

At the time of writing, CUNA’s website said it aims to have systems up “soon.”