"Federally Insured Credit Unions Required to Report Cyber Incidents Within 3 Days"
The National Credit Union Administration (NCUA) recently announced that it is updating its cyberattack reporting rules, requiring all federally insured credit unions to report incidents within 72 hours of discovery. The new policy, NCUA announced, comes into effect on September 1 and will cover all incidents that impact information systems or the integrity, confidentiality, or availability of data on those systems. NCUA defines reportable incidents as those leading to network or system compromise following unauthorized access to or exposure of sensitive information or to the disruption of services or operational systems. The organization noted that incidents involving unauthorized tampering with information systems or erroneous exposure of sensitive data are also reportable. NCUA stated that credit unions will continue to rely on the previous reporting framework for incidents that do not trigger reporting under the new regulation but involve unauthorized access to user information.