Michael E. FryzelThe recent disclosure that an NCUA examiner lost the flash drive containing confidential information of members of Palm Springs Federal Credit Union was unfortunate and troubling. It was unfortunate for it to have happened at all but more troubling is the failure of the NCUA to disclose when it occurred, not telling the industry that it happened and what steps the agency has taken to prevent its reoccurrence.

The data breach took place in October and yet it was not until two months later that the agency acknowledged the incident. And that acknowledgement came only after CU Times obtained a copy of the letter sent to all Palm Springs members.  Despite this disclosure, NCUA refuses to confirm an NCUA examiner was responsible for the loss.

The letter itself is interesting. Nowhere is it mentioned that the flash drive was lost during an NCUA examination. It refers to records being “audited” and the “audit process”. NCUA does not perform audits. Use of the word audit would lead one to believe that the breach was caused by the credit union’s CPA or internal auditor.

 

Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2023 ALM Global, LLC. All Rights Reserved.