TruStage shut down its network after identifying a cybersecurity incident, activating response and recovery procedures as outside specialists worked to contain the issue and restore systems.
The disruption affects TruStage, a Madison, Wisconsin-based company that provides insurance, investment and financial products through credit unions and other partners nationwide.
TruStage told stakeholders July 14 that the incident affected its technology environment and that it took the network offline as a precaution to protect its systems.
“Upon discovery, we immediately commenced our incident response and recovery efforts, including proactively shutting down our network,” a TruStage spokesperson told Credit Union Times. The company also engaged outside cybersecurity experts to investigate, contain and remediate the incident.
TruStage said the work was ongoing and that it was working to restore its systems and network. The company directed stakeholders with questions to an incident information website and said it would provide additional information as appropriate.
The outage has affected some services offered through credit union partners. First Commonwealth Federal Credit Union in Pennsylvania told members that TruStage was temporarily unavailable for claims involving guaranteed asset protection insurance, mechanical repair coverage and payment protection products.

First Commonwealth did not report disruptions to deposits, cards, ATMs or online banking. Its notice indicated that the known impact involved TruStage products offered through the credit union, not the institution’s core banking network.
TruStage cautioned that it was too early to determine the incident’s scope or impact.
“At this stage, it would be premature to draw conclusions about the scope or impact of the incident,” TruStage wrote in its stakeholder communication. The company said it did not want to speculate before investigators established the facts.
TruStage has not disclosed how its systems were compromised, whether information was accessed or when full service will be restored. The company also has not confirmed ransomware, data theft, a ransom demand or the involvement of a threat actor. It did not respond to a request for additional comment by publication time.