CUNA News
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact

News

Home » Compliance: What’s next with SolarWinds attack?
Policy & Issues

Compliance: What’s next with SolarWinds attack?

January 6, 2021
Enhancing Detection Improves Credit Union Cybersecurity & Compliance

As the scope of the SolarWinds cyberattack is still being explored, CUNA’s compliance staff examine what credit unions can do next in a recent CompBlog entry.

The attack affected an estimated 18,000 SolarWinds customers, which include government agencies, Fortune 500 companies, financial institutions, and vendors serving financial institutions.

Credit unions running SolarWinds Orion software should refer to the company’s security advisory to determine whether systems were compromised and obtain the company’s breach mitigation recommendations.

Non-SolarWinds customers should contact their IT vendors to determine whether they utilized the SolarWinds Orion software, and if so, what steps they’re talking to ensure that the credit union’s data is secure.

NCUA’s rules and regulations call on credit unions to have in place procedures to:

  • Assess the nature and scope of an incident; identify what member information systems and types of member information have been accessed or misused.
  • Notify the appropriate NCUA Regional Director or applicable state supervisory authority as soon as possible when the credit union becomes aware of an incident involving unauthorized access to or use of "sensitive" member information.
  • Notify appropriate law enforcement authorities in situations involving criminal violations requiring immediate attention.
  • File a timely Suspicious Activity Report (SAR) for reportable violations.
  • Take appropriate steps to contain and control the incident to prevent further unauthorized access to or use of member information (e.g., monitoring, freezing, or closing affected accounts) while preserving records and other evidence.
  • Notify affected members when the incident involves unauthorized access to member information systems that could result in substantial harm or inconvenience to the member.

Credit Union Magazine: Spring 2022

Spring 2022

Credit Union Magazine’s Spring 2022 edition profiles four Credit Union Heroes and examines CUNA's advocacy priorities, the advocacy army, and financial well-being for all.
Digital Edition •  Subscribe

Trending

  • Credit unions foster financial well-being in members, survey shows

  • House passes CUNA-backed fair hiring bill

  • Final flood Q&As reflect CUNA-sought clarifications

Tweets by CUNA_News

Polls

Are you ready for CECL?

View Results
More

Champion for the Credit Union Movement

Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • Membership
  • Contact Us
  • Careers

Resources for

  • Credit Union Advocates
  • Leagues
  • Press
  • Providers

Our Affiliates

  • American Association of Credit Union Leagues (AACUL)
  • Credit Union Awareness
  • Credit Union House
  • CUNA Strategic Services
  • National Credit Union Foundation
GET CUNA UPDATES
© 2022 Credit Union National Association | ADA Compliance Notice & Legal
Email Us