December 16, 2014

Berger writes Matz urging better data protection

NAFCU President and CEO Dan Berger urged NCUA Board Chairman Debbie Matz to review internal policies and procedures for safeguarding credit unions' sensitive data in light of an NCUA examiner's reported loss of an external flash drive containing secure information from a credit union.

"This is a serious breach that has put credit union members at risk," Berger said in a letter to Matz Tuesday. "NCUA is a steward of credit unions' sensitive information and, as a federal regulator, must be held to the highest standard for safeguarding such data. NAFCU urges NCUA to not only carefully investigate this breach, but to also be fully transparent to the credit unions that you regulate and serve."

Berger also recommended that as NCUA investigates this breach, it also review its "internal policies and procedures for safeguarding credit unions' sensitive information, including how it notifies members of a breach."

Credit Union Times reported Monday that the agency confirmed its examiner lost an external flash drive containing names, addresses, Social Security numbers and account numbers of members during an examination of Palm Springs Federal Credit Union in California. An NCUA spokesman is quoted saying the thumb drive contained no PINs and that there has been no indication of any unauthorized access to members' accounts or efforts to gain such access.