According to publicly available reports, malicious actors exploited a MOVEIT vulnerability on May 31, 2023 to bypass and improperly access files on MOVEIT systems. This was a Zero Day attack, meaning there was no notice or patch available until after the attack took place. Estimates are that 2,500 attacks occurred in the United States, primarily targeting the U.S. Government and financial institutions.
Once our team was aware of the vulnerability, we removed the system from our network and began an investigation to determine the impact on any credit unions or their members. Our review indicates that a small number of credit unions were affected by this vulnerability. We have reached out to these credit unions directly. Unless we spoke with your credit union CEO directly, your credit union was unaffected by this vulnerability.
Available via this link is a PDF which details CU*Answers’ investigation into this incident, along with steps that we have taken with our insurer as well as federal and state departments.