Charter Oak Credit Union Hit With Cyberattack, Spoofed Website

Charter Oak Federal Credit Union (CT Examiner)


TwitterFacebookCopy LinkPrintEmail

A “bad actor” forced Charter Oak Credit Union’s website to shut down on Friday, and the fraudster set up a fake website in an attempt to collect login information from the bank’s customers, Charter Oak said.

Charter Oak President and CEO Brian Orenstein said the bank is “100 percent positive that no member data has been compromised or breached in any fashion.” But he warned that any customers who tried to log in to their account after 5 p.m. on Friday entered their username and password into a spoofed website set up to collect that information, and should call or visit a branch immediately.

Orenstein said that the bad actor that has been using the spoof website to collect usernames and passwords has not been able to access any accounts since the real Charter Oak website is down. 

“Member data has never been at risk. Their funds are safe, their money is still there,” Orenstein said. “But if they logged in after Friday at 5 p.m., to any website that may have looked like Charter Oak’s, they have given their login information to a bad actor. Please contact us, and we can save everybody a lot of headaches.”

He said there is currently no ETA on when the website will be back up and running, but customers can make any transactions at a branch – which have not been affected because the core system is separate from online banking – or by calling the bank at 860-446-8085 or emailing

Orenstein said the outage was caused by anti-virus software flagging the Charter Oak site for reports of unusual activity, leading the domain server to take the site offline. He said they believe the reports to the anti-virus company came from the bad actors, who wanted to force the Charter Oak website offline so they could trick customers with a website that looks identical.

There has been no breach of customer data, he said.

Orenstein said the fake website is using a different domain server, which is why it has remained up while the real website is down. Charter Oak does have a company on retainer to take down fake websites, which are common in the banking industry, and they are working on getting the fake site offline.

“It takes a little time to take down the bad websites,” Orenstein said. “Although our website got taken down pretty easily, it seems like, so it’s very frustrating.”

Orenstein said Charter Oak understands how frustrating and inconvenient it is for customers. He said all banking transactions can still be done at local branches, or over the phone at 860-446-8085.

Until customers receive notice that Charter Oak’s website is back online, they should not try to log in to any website that looks like Charter Oak’s, no matter how convincing it is, he said. And if they have entered login information after 5 p.m. on Friday, they should contact the bank immediately so their information can be reset before the bad actors can use it, he said.

“That’s something we can do rather quickly, and we can do any banking they need us to do,” Orenstein said. “I just want to reassure people that there has not been any data breach of any fashion, but it’s an extreme inconvenience, and we understand that frustration. We’re very frustrated as well.”

Customers with questions or concerns, or who need to access their accounts, can go to their local branch or contact the bank at 860-446-8085 or