In the past few weeks, NAFCU has been focused on defending credit unions from the fallout of the Equifax breach specifically, and the cybersecurity risks posed by third parties generally. At this moment, the door is open to cybersecurity legislation that could have real positive impact for the credit union industry, and NAFCU is moving to seize on that opportunity. As legislation may be the best hope to protect credit unions from another breach like the one at Equifax, I’d encourage your credit union to engage with your Members of Congress to ensure they understand that credit unions must be protected in the future. Please visit our Grassroots Action Center for more information.

Equifax Botched It

Equifax was warned of the vulnerability which lead to the breach in December, 2016. This March, Equifax ignored a notification from the Department of Homeland Security, CERT to fix that vulnerability. In August, following the breach, Equifax established an insecure domain for its breach response site which was spoofed. In early October, Equifax’s credit protection website was discovered to be hosting malware. The hits keep coming for Equifax, and whatever credibility Equifax might have still had after the breach, it is now completely gone. Equifax is trying to leave consumers, credit unions and other financial institutions to foot the bill for its mess. NAFCU is engaging on all fronts to make sure that doesn’t happen.

continue reading »