Why data security – and third-party vendors – is an NCUA priority

We’ve all become used to, and perhaps overwhelmed by, headlines about major data breaches at financial institutions, retail firms, health care organizations, credit rating companies and government agencies. Hacks at JP Morgan Chase, Dow Jones, Home Depot, Target, health insurer Anthem, and the Office of Personnel Management exposed personal data, from tens of millions of Americans to fraudsters and other criminals.

Every day you hear about another data breach or electronic fraud stemming from a theft or breach of data. Increasingly small and medium credit unions are targeted by ever more capable cyber criminals and other groups with bad intentions. More than ever before, small and medium credit unions need to be aware and prepared to deal with the damage caused by third-party breaches, as well as, attacks on their own systems.

You may have heard of Lin Mun Poo, a Malaysian hacker, arrested by the FBI and sentenced to 10 years in prison, for hacking into the Cleveland Federal Reserve and possessing 400,000 stolen card numbers. Less well-known was the fact that he also possessed files from a small credit union vendor including member files from several credit unions held on that vendor’s servers.

continue reading »