New cyberattack reporting rules for federally insured credit unions unveiled

SecurityWeek reports that all federally insured credit unions are being compelled to notify cybersecurity incidents within three days of discovery under the National Credit Union Administration's updated cyber reporting rules, which will be effective on Sept. 1. Incidents that should be reported within a 72-hour period include those that involve network or system breaches stemming from unauthorized data access, information system tampering, and wrongful exposure of sensitive information, according to the NCUA. Federal credit unions should also report distributed denial-of-service attacks and other intrusions that could result in business interruptions, as well as member account access disruptions stemming from prolonged system malfunction and third-party data breaches within the same period. However, no notifications are needed for averted phishing attacks and other failed cyberattack attempts. "By following these guidelines and implementing the cyber incident notification requirements, your credit union can enhance its overall cybersecurity posture and improve incident response capabilities," the NCUA said.