CUNA
  • Advocacy
    • Priorities we’re fighting for
    • Actions you can take
  • News
  • Learn
  • Compliance
  • Shop
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • COVID-19
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact
Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Home » Compliance: What’s next with SolarWinds attack?
Policy & Issues

Compliance: What’s next with SolarWinds attack?

January 6, 2021
Enhancing Detection Improves Credit Union Cybersecurity & Compliance

As the scope of the SolarWinds cyberattack is still being explored, CUNA’s compliance staff examine what credit unions can do next in a recent CompBlog entry.

The attack affected an estimated 18,000 SolarWinds customers, which include government agencies, Fortune 500 companies, financial institutions, and vendors serving financial institutions.

Credit unions running SolarWinds Orion software should refer to the company’s security advisory to determine whether systems were compromised and obtain the company’s breach mitigation recommendations.

Non-SolarWinds customers should contact their IT vendors to determine whether they utilized the SolarWinds Orion software, and if so, what steps they’re talking to ensure that the credit union’s data is secure.

NCUA’s rules and regulations call on credit unions to have in place procedures to:

  • Assess the nature and scope of an incident; identify what member information systems and types of member information have been accessed or misused.
  • Notify the appropriate NCUA Regional Director or applicable state supervisory authority as soon as possible when the credit union becomes aware of an incident involving unauthorized access to or use of "sensitive" member information.
  • Notify appropriate law enforcement authorities in situations involving criminal violations requiring immediate attention.
  • File a timely Suspicious Activity Report (SAR) for reportable violations.
  • Take appropriate steps to contain and control the incident to prevent further unauthorized access to or use of member information (e.g., monitoring, freezing, or closing affected accounts) while preserving records and other evidence.
  • Notify affected members when the incident involves unauthorized access to member information systems that could result in substantial harm or inconvenience to the member.

Credit Union Magazine - Winter 2020

Winter 2020

Credit Union Magazine’s Winter 2020 edition features CUNA’s 2021 lending outlook, CEO insights on adjusting to the pandemic, and board recruitment strategies.
Digital Edition •  Subscribe

Trending

  • Compliance: 2020 Year in Review, Checklist now available

  • 5 fraud predictions for 2021

  • CUNA sends recommendations to incoming Biden administration

Tweets by CUNA_News

Polls

Will you ask employees to receive the coronavirus vaccine?

View Results
More

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • About
  • Careers
  • Contact Us
  • Recommended Websites
  • Privacy Policy

Resources for

  • CUNA Board Members
  • Credit Union Advocates
  • Leagues
  • Press
  • Vendors