💣🔗

National Credit Union Administration (NCUA) Security Incident

2023 995 days ago Resolved

Incident Overview

Situation Description

The National Credit Union Administration (NCUA) is submitting its annual report to Congress detailing cybersecurity threats and initiatives to enhance preparedness within the credit union industry, which serves over 139 million Americans.

Event Types

Malware / Destructive Attack Supply Chain Compromise

Industry Sector

Finance

Geographic Scope

National (US)

Response Actions

Revised Incident Response Plan Enhanced Third-Party & Supply Chain Risk Management

Impact Analysis

Event Types (2 identified)

Malware / Destructive Attack Supply Chain Compromise

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Operational / System Data

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

The NCUA Board approved a final rule in February 2023 requiring federally insured credit unions to notify the NCUA within 72 hours of a reportable cyber incident.; The NCUA began using its Information Security Examination (ISE) procedures in early 2023, designed to be scalable and standardize examinations of credit union information security and cybersecurity programs.; The NCUA requests Congress restore its vendor authority over third-party service providers to better mitigate cybersecurity risks.

Technical Analysis

Attack Method

Third-Party Compromise

Additional Information

Cybersecurity and Credit Union System Resilience Annual Report to Congress MESSAGE FROM THE CHAIRMAN On behalf of the National Credit Union Administration (NCUA), I am submitting our annual, statutorily required Cybersecurity and Credit Union System Resilience Report. This report summarizes the current cybersecurity threat landscape, highlights the agencys key cybersecurity initiatives, and outlines the agencys ongoing efforts to enhance cybersecurity preparedness and resilience within the credit union industry. Throughout 2023, our nationincluding its financial sectorhas faced unprecedented challenges stemming from cyberattacks and other malicious activities targeting critical infrastructure. The credit union system, which serves more than 139 million Americans and plays a vital role in communities across the country, is not immune to these threats. In fact, in the face of an ever-evolving cybersecurity threat landscape, the need for ongoing vigilance in the credit union sector cannot be overstated. The NCUA is committed to ensuring consistency, transparency, and accountability in its cybersecurity examination program and related activities. Further, over the last several years the NCUA has made major strides in promoting a culture of cybersecurity awareness and resilience among credit unions. Through targeted supervision completed using the NCUAs recently implemented Information Security Examination program, the development of risk-assessment tools like the agencys Automated Cybersecurity Evaluation Toolbox, the adoption of a cyber incident notification regulation in 2023, ongoing educational outreach, and grants to eligible credit unions, we have worked diligently to improve cybersecurity practices and mitigate risks. Looking ahead, the NCUA remains committed to working closely with Congress, other regulatory agencies, industry stakeholders, and other partners to strengthen cybersecurity defenses and ensure the resilience of the credit union system. To that...

... (truncated for display)

Quick Facts

Company:: National Credit Union Administration (NCUA)
Date:: 2023
Status:: Resolved
Decision Maker:: Todd M. Harper
Position:: Chairman
Published:: nan

Source Information

Original Query

what security architecture changes do companies make after ransomware

View Original Source

Timeline

Information Published

nan

Incident Occurred

2023 (995 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats