CUNA is now America's Credit Unions.
A stronger voice to advance the credit union industry.
NCUA has observed a rise in cyberattacks against credit unions, credit union service organizations (CUSOs), and other third-party vendors supplying financial services products.
These include an incident directly related to a critical vulnerability in the MOVEit Transfer web application, as well as other attacks unrelated to MOVEit.
The critical vulnerabilities in the MOVEit Transfer web application are:
NCUA is asking credit unions to be vigilant in protecting their data and operations from all threats, including ransomware, phishing or social engineering leading to business email compromises, and distributed denial-of-service (DDoS) attacks.
We urge all credit unions and associated entities to take immediate and comprehensive action to protect their systems, sensitive data, and the financial well-being of their members. The NCUA recommends the mitigation steps and best practices listed below to safeguard against these evolving cyber threats:
Proactive cybersecurity measures safeguard the integrity, confidentiality, and availability of credit union systems and data. By adopting these mitigation steps and best practices, credit unions and their partners can enhance their security posture and protect against the recent uptick in cyberattacks.
Credit unions requiring further assistance or with questions related to cybersecurity, should contact their Regional Office or visit NCUA’s Cybersecurity Resource Center.