CUNA expressed concerns about the recent SolarWinds cyberattack in a letter to NCUA Thursday. The data breach that appears to be a most significant cyberattack in recent history, according to cybersecurity experts. Hackers corrupted a software update for Orion, an IT monitoring platform, to infiltrate nearly every sector of the economy, including credit unions and other financial institutions.

“As the NCUA seeks to determine the attack’s impact on the agency and as credit unions do the same, CUNA members have two concerns,” wrote CUNA President/CEO Jim Nussle. “First, we urge the agency to be forthright in its communications with credit unions if it is determined that the agency is impacted. Second, we call on NCUA to suspend the collection of data from credit unions until it can ascertain that its systems have not been and are not compromised.”

CUNA also suggests NCUA consider issuing guidance to alleviate stress from impacted credit unions as the full scope of the data breach will not be known for quite some time due to the complexity and sensitive nature of the attack.

The data breach, which started in March, pushed malicious code to an estimated 18,000 SolarWinds customers via Orion. These customers include government agencies, financial institutions, and vendors serving financial institutions.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on the “active exploitation” of SolarWinds software and one on the “advanced persistent threat,” as well as an emergency directive calling on affected organizations take several mitigation actions.

The Treasury Department is seeking feedback from financial institutions that have run the compromised SolarWinds Orion systems at OCCIP-Coord@treasury.gov or anonymously through FS-ISAC at sharingops@fsisac.com. 

CUNA will provide more information as it becomes available. We are working with the NCUA, Treasury, and other government agencies to determine the impact on the financial sector and next steps for credit unions.