Newsroom
NCUA responds on data loss
NCUA's recent loss of a thumb drive containing sensitive data from an insured credit union "resulted from a failure to follow agency policies on securing sensitive data," agency Executive Director Mark Treichel said in a statement Wednesday.
The breach, which drew a strong response from NAFCU, occurred when an NCUA examiner lost a thumb drive provided by Palm Springs Federal Credit Union that reportedly contained members' names, addresses, Social Security numbers and account numbers. The thumb drive was lost in October.
NAFCU President and CEO Dan Berger, writing Tuesday, urged NCUA Chairman Debbie Matz to ensure a careful investigation of the breach, and he encouraged full transparency in that effort. Berger welcomed NCUA's follow-through and said NAFCU "looks forward to seeing improvements in the way NCUA handles and protects the sensitive data it receives from insured credit unions during reporting and examination processes."
Berger reiterated, "As a federal regulator and a steward of credit unions' sensitive information, NCUA must be held to the highest standard for safeguarding such data."
"NCUA is using this incident as an opportunity to learn," Treichel said in Wednesday's statement. "We are reinforcing training on protecting sensitive information, we are reviewing our policies and procedures in this area, and we are moving as quickly as possible to consider and adopt additional safeguards to protect electronic data, including:
- Creating a team to review the circumstances surrounding this incident.
- Directing the already-established review team responsible for NCUA's Guidelines for Safeguarding Member Information (Part 748 of regulations) to study whether to require federally insured credit unions to encrypt electronic member information.
- Evaluating development of a system for sharing information between the agency and federally insured credit unions through a secure portal, rather than using hardware like a thumb drive.
Share This
Related Resources
Add to Calendar 2024-05-03 14:00:00 2024-05-03 14:00:00 Plan Sponsor Attitudes Toward Retirement Plan Management and Fiduciary Outsourcing About the Webinar In January 2024, Pentegra conducted a survey of retirement plan sponsors and their perspectives on retirement plan management and fiduciary outsourcing. The survey measured how sponsors are using fiduciary outsourcing to help better manage their retirement plans. It also captured their perspectives on what outsourcing does to help them better position their plans and drive improved retirement plan outcomes. Key Takeaways: What is the full scope of your responsibilities as a plan sponsor? What is fiduciary outsourcing and how does it work? How does fiduciary outsourcing help reduce workloads and minimize risk? How can a credit union best position its plan to drive improved outcomes? Register Here Web NAFCU digital@nafcu.org America/New_York public
Plan Sponsor Attitudes Toward Retirement Plan Management and Fiduciary Outsourcing
preferred partner
Pentegra
Webinar
Turning Lemons into Lemonade: Capitalizing in a Post-Banking Crisis Era
Strategy
preferred partner
Allied Solutions
Blog Post
Ensuring Safety and Soundness with AI
Management, Consumer Lending, FinTech
preferred partner
Upstart
Blog Post
Add to Calendar 2024-05-02 14:00:00 2024-05-02 14:00:00 Mastering Resilience in Incident Response Plans About the Webinar An Incident Response (IR) plan is crucial for guiding credit unions through major incidents efficiently and effectively. However, many IR plans lack resilience, making them less adaptable to the evolving threat landscape. Join us for our webinar Mastering Resilience in Incident Response Plans where DefenseStorm cyber experts Elizabeth Houser and James Bruhl will delve into the importance of resiliency within cybersecurity IR plans. Don’t miss out on the opportunity to learn how to: Ensure IR plan accessibility so that all team members with assigned roles are prepared for effective incident response. Conduct efficient and regular reviews to ensure roles and responsibilities are current, tools are relevant, and compliance requirements are met. Implement and utilize tabletops to regularly test the effectiveness of your IR plan. Enhance preparedness, efficiency, and confidence among responders. View On-Demand Web NAFCU digital@nafcu.org America/New_York public
Mastering Resilience in Incident Response Plans
preferred partner
DefenseStorm
Webinar
Get daily updates.
Subscribe to NAFCU today.