Charter Oak issues post-mortem on July cyberattack

Aug. 14 — WATERFORD — Charter Oak Federal Credit Union has provided members with the results of an investigation into the cyberattack that disrupted its online banking service last month.

The incident caused Charter Oak to shut down the service for five days, from 5 p.m. July 14 to the early evening of July 19. Access to the website itself was restored thereafter.

In a letter emailed Monday, Brian Orenstein, the credit union's president and chief executive officer, said Charter Oak hired a group of information technology specialists known as a Cyber Security Incident Response Organization, or CSIRO, to look into the incident. He said the CSIRO supported Charter Oak's conclusion that "the incident was a result of cyber criminals taking advantage of a weakness in our Domain Name Service implementation."

The criminals were able to "spoof emails" and "conduct inappropriate activity" that led several virus protection software companies "to blacklist CharterOak.org, which in turn prevented our members from accessing CharterOak.org," Orenstein said. Charter Oak and the CSIRO rectified the issue and notified Charter Oak's DNS registrar that it was safe to reinstate access to CharterOak.org, he said.

While fake websites that mimicked the real Charter Oak site had sought to collect members' personal information, Orenstein consistently assured members that no accounts had been accessed by those behind the cyberattack.

"We realize the significant inconvenience that the absence of online banking had for our membership, but we know the security of your data and deposits is paramount," he said in Monday's letter. "Charter Oak is confident, and the CSIRO confirmed, that no member's data has been compromised."

Orenstein said Charter Oak has taken steps to secure its website, contracting with a cybersecurity firm to further analyze the credit union's online offerings and "provide recommendations to improve our security posture even more."

Charter Oak has required members to change their website sign-ins and to provide multiple pieces of identification beyond merely a password.

"While Charter Oak provided our members with the ability to choose to use Multi-Factor Authentication (MFA) in the past, we decided to now make it mandatory," he said in the letter. "MFA is a layered approach to securing data and applications and is highly recommended for all your online activity. We understand that this will be confusing for some members, but we and our members will be significantly more secure with this requirement."

On July 19, prior to the restoration of online banking service, Orenstein addressed members' concerns during an online conversation. At the outset, he said Charter Oak's vendor had shut down the credit union's website at 5 p.m. July 14, having identified "unusual activity" on the site, beginning two days earlier.

On July 16, he said, he received confirmation that "bad actors" had caused the vendor to shut down the site.

Orenstein did not respond Monday to messages seeking further comment.

b.hallenbeck@theday.com