Skip to content

NCUA Cyber Incident Reporting Requirements Take Effect Sept. 1

In a Letter to Credit Unions, the NCUA is reminding federal credit unions that tighter notification requirements regarding cyber incidents will take effect Sept. 1. Under rule changes adopted in February, the agency will require notification as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.

The letter summarizes the amendments and provides instructions on what and how to report to the NCUA, and includes examples of both reportable (see Appendix A) and non-reportable (see Appendix B) incidents. To facilitate incident reporting, the NCUA is also providing a cyber incident reporting quick reference guide.

Recent News

Join Our Mailing List

Keep up with the latest industry info, advocacy updates, member spotlights and upcoming events.