    Editorials
    Thursday, May 02, 2024

    Lack of access stokes fear

    It was a long five days at Charter Oak Federal Credit Union, which lost its online banking service Friday after an unknown hacker established at least two fake websites.

    The incident, which caused consternation and inconvenience for the credit union's 80,000 members, contains some hard-earned lessons about the digital financial world.

    The shutdown, which happened when the credit union's domain name provider detected unusual and nefarious activity, illustrated how important online banking has become to many people. Whether using a computer or mobile app, consumers have become accustomed to reviewing balances, depositing checks and transferring funds remotely.

    Some of the credit union's members who were most inconvenienced don't even live in Connecticut, so they could not drive to a branch to conduct financial business.

    This makes digital security all the more vital. Although no consumer data or funds at Charter Oak were compromised, the threat of such exposure is enough to warrant some hard questions.

    The credit union promises to do a thorough study of what went wrong. Two obvious areas to assess: How did this happen, and how adequate was the official response?

    Brian Orenstein, the credit union's president and CEO, told members in a video call Wednesday that “nefarious actors took advantage of a vulnerability in our domain,” leading the domain service provider to shut down charteroak.org as a precaution on Friday evening.

    The hackers were able to send out a “spoofing” email to some members, posing as Charter Oak and directing them to a fake website, apparently in an attempt to capture passwords or other data. Anyone who signed on to the website has been directed to contact the credit union to change their sign-on credentials.

    But the hackers were not able to capture any money or data, Orenstein stressed, and members were still able to use their debit cards or visit a branch to conduct business.

    Orenstein seemed visibly irritated with the domain name vendor for the length of time it took to get charteroak.org up and running, and said that relationship would be examined.

    While it's a relief that credit union members did not lose money or personal information, how did the credit union fare in keeping members informed?

    First of all, Orenstein is to be credited for taking online questions and answering them forthrightly during the video call. Dressed in a blue shirt with no tie, the Charter Oak logo visible behind him, he looked like he had been working around the clock to solve the problem.

    He also admitted the damage the incident had done, saying “We've got egg on our face here at Charter Oak.” Those aren't words you hear often in the corporate world.

    But when the credit union does its post-mortem assessment, it may find areas that could be improved upon.

    Charter Oak's domain was taken down at 5 p.m. Friday. Members did not receive communication from the credit union until 9:45 a.m. the next day. By Sunday the credit union knew the outage was connected to “bad actors,” as Orenstein put it, but on Sunday members were only told to be wary of sites posing as Charter Oak. The full extent of the problem wasn't made clear to members until Monday morning.

    As member frustration grew, emails were not enough to answer their questions. The credit union finally solicited questions on its Facebook page Wednesday and Orenstein held the live video call for members that afternoon.

    That call was transparent and informative – and delivered the good news that online banking would return Wednesday evening. But it could have been held sooner.

    As members log on to their accounts once again, questions linger. How does a hacker get access to email addresses to send out a spoof email in the first place? What were hackers looking for – what was the end game?

    The incident is not unique to Charter Oak. Earlier this month, hackers used an employee's email to gain access to customer data at the National Institutes of Health Federal Credit Union in Maryland. A similar incident happened at the Credit Union of Southern California in May.

    In fact, the National Credit Union Administration has warned credit unions of an increase in phishing attempts. The security firm Black Kite also estimates that 66 percent of credit unions lack adequate cyber security protocols.

    Charter Oak has a legacy of 84 years in southeastern Connecticut. Formed as Naval Submarine Base Credit Union in 1939, it has grown with the region, offering mortgages and business loans as well as member checking and savings accounts. This is an institution that is vital to the residents and businesses of the region.

    It's important to everyone that the credit union get this right going forward.

    The Day editorial board meets with political, business and community leaders to formulate editorial viewpoints. It is composed of President and Publisher Timothy Dwyer, Executive Editor Izaskun E. Larraneta, Owen Poole, copy editor, and Lisa McGinley, retired deputy managing editor. The board operates independently from The Day newsroom.
