The NCUA warned in August that it was seeing an increase in cyberattacks against credit unions, credit union service organizations (CUSO), and other third-party vendors supplying financial services products.
Multiple credit unions were affected by the cyberattack on the MOVEit file transfer software earlier this year and dozens of organizations have filed data breach reports with regulators in Maine over the last three years.
The RansomHouse extortion group added Jefferson Credit Union to its list of victims in 2022 and Envision Credit Union announced a cyberattack last year involving the LockBit ransomware group. Ardent Credit Union also faced an incident in 2020.
In February, the NCUA approved new rules that require a federally insured credit union to notify the NCUA within 72 hours of a cyberattack. The rule came into effect on September 1.
NCUA Chairman Todd Harper said in October that in the first 30 days after the rule went into effect, the NCUA received 146 incident reports — a number the organization previously only saw in an entire year.
He lauded the proactive efforts that credit unions are taking to reach out to government agencies for cybersecurity help but noted that his organization’s ability to analyze the “entire credit union system remains limited.”
“That’s because CUSOs and credit union third-party service providers do not have the same level of oversight as bank vendors, as the NCUA lacks the statutory authority to directly examine or supervise these entities,” he said.
“Stakeholders must understand that the risks resulting from the NCUA’s lack of vendor authority are real, expanding, and impact all of us.”
He added that more than 60 percent of the cyber incidents reported to the NCUA involve third-party service providers and CUSOs.
“Until this growing regulatory blind spot is closed, thousands of federally insured credit unions, tens of millions of consumers who use credit unions, and trillions in assets are exposed to high levels of risk,” he said.
https://therecord.media/credit-unions-facing-outages-due-to-ransomware
It’s worthwhile to note that most CUs rely on third parties for IT services and support. In this case, the IT provider for these CUs was impacted, not the CUs themselves.
FISERV again? They have had their databases broken into and stolen a couple of times causing hardships for their clients.
Oh wow that’s what happened yesterday. I use Bethpage credit union and their site was down all day as well as the system at their branch.
And what was the Biden occuaption pushing last week? Oh yes, the elimination of cash.
One of our local hospital systems suffered such and attack several months ago - caused a lot of chaos among patients and staff....they ought to use the CIA for something useful - go after and eliminate these turds...