As I am sure we remember all too well, there have been a few rather high profile data breaches in recent years, including Target in 2013, Home Depot and JP Morgan in 2014, OPM in 2015, and Yahoo in 2016. Given the amount of personal and financial information available from companies such as these, hackers can obtain a significant amount of information by accessing a single company’s records. In the breaches mentioned above, information was obtained from over one billion individuals. The information included debit and credit card numbers, full names, dates of birth, addresses, e-mail addresses, phone numbers, and Social Security numbers.

So, the question is… how can a credit union protect its members’ personal and financial information? First, a starting point is NCUA’s requirements on security programs. Part 748 covers the requirements and standards for a credit union’s security program. Second, there is a wealth of resources to take advantage of on this topic. NCUA and the FFIEC have numerous resources available to assist credit unions in evaluating risk and protecting information. Finally, in some cases it may be appropriate to take action. In some cases, it may be necessary to report an incident.

continue reading »