UPDATED: Charter Oak resumes online banking
Jul. 19—WATERFORD — Charter Oak Federal Credit Union restored its online banking service Wednesday night.
During an online conversation with customers late in the afternoon, Brian Orenstein, president and chief executive officer, said Charter Oak's internet domain name had been "unlocked" just hours before the 4 p.m. conversation, setting the stage for the resumption of online banking.
When the online banking service was restored early Wednesday night, credit union members received an email containing a link to the service and instructions for accessing online banking. Instructions for accessing the service were also posted on social media.
Charker Oak's website will not be immediately restored, Orenstein said during the online conversation.
Wednesday's announcement came with nearly 100 people logged on to the online conversation, which Charter Oak had announced early in the day. Orenstein fielded 20 questions during the 30-minute session.
At the outset, Orenstein said Charter Oak's vendor had shut down the credit union's website at 5 p.m. Friday, having identified "unusual activity" on the site, beginning two days earlier. On Sunday, he said, he received confirmation that "bad actors" had caused the vendor to shut down the site, effectively stopping online banking.
"Early today, we confirmed these nefarious actors took advantage of a vulnerability in our domain," Orenstein said. "As of today, we have certified this has been resolved."
Participants in the online conversation sought assurances that their personal information and accounts were intact and that Charter Oak is on solid financial footing.
Orenstein said the credit union, which mostly serves customers in New London and Windham counties, had taken steps to maintain liquidity and ensure its solvency. He said that while it anticipates some account closures because of the disruption, there have been no unusually large withdrawals.
"We have a lot of work to do to rebuild our reputation," he said. "We've got egg on our face here at Charter Oak."
In a phone interview earlier in the day, Orenstein stressed that no customer information or deposits had been jeopardized.
"Our data has been secure the whole time," he said. "We want to make sure that's still the case, so that when we come back online we don't come back with any possibility of losing any customer data."
Orenstein said Charter Oak knows only that the source of the website activity that prompted the shutdown was "a bad actor."
"This wasn't an accident," he said. "We do know that. We don't know who they are."
Fake websites that had appeared mimicking the real Charter Oak site have been taken down, Orenstein said, though he acknowledged there is no guarantee they won't reappear. He said more than 200 customers may have signed into a fake site and provided personal information that would have been of no use to the actors.
Customers will be given new usernames and passwords, and a more stringent sign-in protocol will be put in place when the website is restored, Orenstein said during the virtual conversation. He said it's possible a third-party review of the site may determine it should be entirely rebuilt.
Orenstein said the disruption was not a case of ransomware, which would have involved a threat to publish personal information unless a ransom was paid.
"It's not any type of ransomware," he said. "We know that because nothing's been stolen. Our security team took down our website, not the bad guy. I haven't gotten a ransom note."
Orenstein said Charter Oak's customer information is kept on "our core system," not the website, and no such information has been accessed.
During the online banking shutdown, Charter Oak has continued to perform banking transactions via phone and in person at its branch offices. Debit and credit cards are working, and recurring bill payments are going out as scheduled, according to the credit union.
"The only change is that people can't do business from home (computer) or on their device," Orenstein said.
Charter Oak has kept its Contact Center phone lines open until 9 p.m. at (860) 446-8085 and ContactCenter@cofcu.com.
Responding to a customer, Orenstein said Charter Oak will be reevaluating its relationship with its domain name service provider and would submit to a "postmortem" by an "independent, outside company." It will share the results of that effort with members, he said.
Some Charter Oak customers who responded to a query in The Day said the shutdown of the credit union's online banking service had posed a hardship.
"Having both personal and business accounts at Charter Oak has made the shutdown a major inconvenience," Nancy Butler, of Waterford wrote. "I am extremely busy and accessing information the way I need it when I need it is important."
Angela Gaeta, who moved from Connecticut to North Carolina about a year ago, wrote that online banking enabled her to stay with Charter Oak, with which she had always had "great experiences."
However, she wrote that she was "really upset" with Charter Oak's handling of the website debacle, saying it had put out "very little information about what the problem is and when it might be fixed."
Marty Fenelon, of Waterford, a retired information technology manager and a Charter Oak customer for more than 40 years, wrote that he has long had concerns about online banking.
"I don't believe in putting all my eggs in one basket in case something such as this happens, despite many banks and other companies pushing customers to go 100% online," he wrote. "In addition, the internet is not always available everywhere, and never will be. So completely abandoning offline options seems risky to me."
