NCUA Issues Regulatory Alert on Security Breaches
The NCUA has issued a regulatory alert instructing federally insured credit unions (FICUs) to ensure they have security measures in place in the wake of several recent online breaches.
The alert advises FICUs to have “robust enterprise risk management practices in place,” including assessment, mitigation and controls, measuring and monitoring.
“Lack of proper monitoring and control systems allows attackers to gain entry into a target environment through phishing, spear-phishing, drive-by malware injection and other malicious techniques,” the agency said. “Successful attacks often compromise sensitive member information which may lead to fraud.”
The NCUA letter did not mention any specific incidents, but it told FICUs that the agency expects them to carefully review the recent advisories from the National Security Agency and the U.S. Computer Emergency Readiness Team that it included.
Recent breaches include incidents at RSA, Sony, Epsilon and Michaels, as well as a series of apparent phishing and malware attacks that moved a reported $11 million from business accounts at U.S. community banks and credit unions to Chinese banks.