MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems. There exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action.
To address this issue, CISA advises credit unions to review MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively searching for any signs of malicious activity.
If a credit union uncovers an incident:
Report the incident to CISA through its 24/7 Operations Center at report@cisa.gov or by calling 888-282-0870.
Evaluate whether data has been compromised — if a credit union suspects data has been compromised, it should report the incident to the local FBI Field Office.
Report the incident to its respective regulatory authority — either the State Supervisory Authority or the NCUA.
Prudent credit unions have effective procedures for monitoring, sharing, and responding to threat and vulnerability information. The Federal Financial Institutions Examination Council’s Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement provides valuable guidance. Credit unions can reach out to their primary federal or state regulator for further clarification and best practices.
Credit Union Rock Stars are outstanding credit union professionals and directors from a wide range of disciplines who inspire and innovate to advance the missions of their credit unions. The 25 members of the 11th class of Rock Stars were selected for their exceptional creativity, innovation, and passion.
