WASHINGTON—CUNA is urging NCUA to cease collecting any data from credit unions until it is able to determine whether the agency was breached as part of a massive cyberattack against the federal government.
Separately, the trade group has also announced results of its board elections.
The so-called SolarWinds attack is now being considered one of the most significant cyberattacks in recent history, according to cybersecurity experts. Hackers corrupted a software update for Orion, an IT monitoring platform, to infiltrate nearly every sector of the economy, allegedly including credit unions and other financial institutions.
“As the NCUA seeks to determine the attack’s impact on the agency and as credit unions do the same, CUNA members have two concerns,” wrote CUNA President/CEO Jim Nussle in a letter to the agency. “First, we urge the agency to be forthright in its communications with credit unions if it is determined that the agency is impacted. Second, we call on NCUA to suspend the collection of data from credit unions until it can ascertain that its systems have not been and are not compromised.”
CUNA also wants NCUA to consider issuing guidance to alleviate stress from impacted credit unions as the full scope of the data breach will not be known for quite some time due to the complexity and sensitive nature of the attack.
‘Active Exploitation’ Alert
The data breach, which is believed to have started in March, pushed malicious code to an estimated 18,000 SolarWinds customers via Orion. These customers include government agencies, financial institutions, and vendors serving financial institutions.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on the “active exploitation” of SolarWinds software and one on the “advanced persistent threat,” as well as an emergency directive calling on affected organizations take several mitigation actions.
The Treasury Department is seeking feedback from financial institutions that have run the compromised SolarWinds Orion systems at OCCIP-Coord@treasury.gov or anonymously through FS-ISAC at sharingops@fsisac.com.
CUNA Board Elections
Meanwhile, CUNA has announced the results of its latest board elections.
Directors elected will take office upon the adjournment of CUNA's Annual General Meeting virtually on March 2, during CUNA Governmental Affairs Conference (GAC) and will serve for a three-year term, CUNA said.
The following individuals have been elected:
- District 1, Class B (Credit unions with at least 38,000 and not more than 141,000 members in Connecticut, Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island, Vermont, Puerto Rico and Virgin Islands): Amey R. Sgrignoli, Belco Community CU, Penn.
- District 3, Class A (Credit unions with less than 38,000 members in Alabama, Arkansas, Florida, Georgia, Louisiana, Mississippi, North Carolina, South Carolina and Tennessee): Ron Smith, Enbright CU, Tenn.
- District 4, Class B (Credit unions with at least 38,000 and not more than 141,000 members in Illinois, Iowa, Michigan, Minnesota, Missouri and Wisconsin): Patrick Pierce, City & County CU, Minn.
- Class C (2 positions) (Credit unions having more than 141,000 natural-person members, elected at-large nationwide): Lisa Ginter, CommunityAmerica CU, Kansas., and Paul A. Marsh, Teachers CU, Indiana.
Other Results
Last month, the following individuals were elected to the CUNA board:
- District 5, Class A (Credit unions with less than 38,000 members in Arizona, Colorado, Kansas, Montana, Nebraska, New Mexico, North Dakota, Oklahoma, South Dakota, Texas, Utah and Wyoming): Maria Martinez, Border FCU, Texas
- Class D (Leagues, elected at-large nationwide): Tom Kane, Illinois CU System and Fred Robinson, Tennessee CU League