I agree that they shouldn’t be targeted. I do fully understand why they were targeted. Many credit unions don’t have the tech or tech departments or internal training necessary to safeguard against these sort of attack vectors. A credit union I had in the early 2010s didn’t even offer online banking and I had online banking with a traditional bank for over a decade at that point.