Just three months after the National Credit Union Administration (NCUA) put into place a final rule requiring federally chartered and federally insured credit unions to notify NCUA of a “reportable cyber incident,” about 60 credit unions in the United States experienced outages because of a ransomware attack on an IT provider the institutions use, according to a U.S. federal agency.
The final NCUA rule went into effect on September 1, 2023, requiring that affected credit unions should notify the NCUA “as soon as possible and no later than 72 hours” after the credit union “reasonably believes” the incident has occurred.
