Skip to content

Wisconsin-based TruStage shuts down network after cybersecurity incident

The insurance and financial services company brought in outside specialists as outages affected products offered through credit union partners.

TruStage sign outside the company’s office building in Madison, Wisconsin, under a blue sky.
TruStage’s offices in Madison, Wisconsin. The company shut down its network after identifying a cybersecurity incident. (TruStage via Facebook)

TruStage shut down its network after identifying a cybersecurity incident, activating response and recovery procedures as outside specialists worked to contain the issue and restore systems.

The disruption affects TruStage, a Madison, Wisconsin-based company that provides insurance, investment and financial products through credit unions and other partners nationwide.

TruStage told stakeholders July 14 that the incident affected its technology environment and that it took the network offline as a precaution to protect its systems.

“Upon discovery, we immediately commenced our incident response and recovery efforts, including proactively shutting down our network,” a TruStage spokesperson told Credit Union Times. The company also engaged outside cybersecurity experts to investigate, contain and remediate the incident.

TruStage said the work was ongoing and that it was working to restore its systems and network. The company directed stakeholders with questions to an incident information website and said it would provide additional information as appropriate.

The outage has affected some services offered through credit union partners. First Commonwealth Federal Credit Union in Pennsylvania told members that TruStage was temporarily unavailable for claims involving guaranteed asset protection insurance, mechanical repair coverage and payment protection products.

First Commonwealth Federal Credit Union website notice stating that TruStage is temporarily unavailable and that some GAP insurance, mechanical repair coverage and payment protection claims may be affected.
First Commonwealth Federal Credit Union posted a notice saying TruStage was temporarily unavailable and that some insurance and payment-protection claims could be affected. (Screenshot by DysruptionHub)

First Commonwealth did not report disruptions to deposits, cards, ATMs or online banking. Its notice indicated that the known impact involved TruStage products offered through the credit union, not the institution’s core banking network.

TruStage cautioned that it was too early to determine the incident’s scope or impact.

Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.

Tip us

Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.

Become a Supporter

“At this stage, it would be premature to draw conclusions about the scope or impact of the incident,” TruStage wrote in its stakeholder communication. The company said it did not want to speculate before investigators established the facts.

TruStage has not disclosed how its systems were compromised, whether information was accessed or when full service will be restored. The company also has not confirmed ransomware, data theft, a ransom demand or the involvement of a threat actor. It did not respond to a request for additional comment by publication time.

Attribution note: DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.
DysruptionHub Staff

DysruptionHub Staff

A collaborative project to bring you the latest cyberattacks impacting the availability of services and goods in the United States.

All articles

More in Critical Infrastructure

See all

More from DysruptionHub Staff

See all