Resources to help you navigate the changing regulatory landscape

Banking cybersecurity illustration

ATM Compromise: Action Required if CUs Use QSI Equipment

This message is to inform you about a cybersecurity incident involving QSI (Quality Service Installation), an ATM and banking equipment provider. This incident has reportedly begun to impact some credit unions, though the extent of the impact is yet to be determined.

To ensure situational awareness and prompt mitigation of potential risks, we are issuing this advisory. Please keep in mind this situation is dynamic and evolving.

Who is QSI?
QSI is a financial reseller of NCR Corporation, previously known as National Cash Register. NCR Corporation is an American software company specializing in providing turnkey ATM and ITM (Interactive Teller Machine) solutions, including professional services, to financial institutions. QSI offers a range of services, including remote compliance services, equipment outsourcing, and full-service bank equipment solutions including ATM installation and services, traditional installation and services, lock and security installation and services, managed services, ITM solutions, and NCR products.

Incident Overview
According to credit union reports and QSI’s message to clients, it has encountered a cybersecurity attack that may have compromised their systems. This may have exposed sensitive customer information, though none has been reported at this time.

Potentially affected credit unions should stay in contact with QSI and consult with their cybersecurity experts on responding to this event. Below are some general steps credit unions can take for this event:

  • Assess Impact: Verify whether your credit union relies on QSI for ATM and ITM services or any related functions. Determine the extent of your institution’s dependence on QSI to gauge potential vulnerabilities.
  • Incident Response Team Activation: If your credit union is among those affected, activate your incident response team. Determine if any systems or endpoints have been compromised and consider isolating. Work with cybersecurity experts to identify the nature and extent of any compromise and to guide the remediation process. Ensure you have secure and up-to-date backups as applicable and a plan for data reconciliation and restoration if necessary.
  • Enhanced Monitoring: Heighten the monitoring of your systems and member accounts for any unusual or suspicious activities, particularly related to ATM transactions and access to customer information.
  • Member Communication: Prepare informative communications for your members regarding the situation.
  • Regulatory Compliance: Adhere to all legal and regulatory obligations, including reporting the incident to appropriate authorities and regulatory bodies, as required.

Please contact your regional office or state supervisory authority if you have any questions about this advisory.

Access the ‘Compliance Hotline’
Your League-member benefits include the Compliance Hotline — providing exclusive access to dedicated compliance experts:

Using the above phone number and email address, you can gain access to a knowledgeable team that’s ready to address all your credit union’s compliance inquiries — promptly and efficiently. With the Compliance Hotline, you can proactively respond to impromptu questions and issues by getting clarity and insight on technical topics that normally slow you down. We want to help you unlock the full potential of your League membership by leveraging the resources and support you need to navigate the complex world of compliance effortlessly. We’re ALWAYS just a phone call or email away!

Additionally, other League-member compliance resources include: 

  • ViClarity
  • CU PolicyPro
  • ComplySight
  • InfoSight
  • CU Store
  • Record Retention Guide
  • GRC Technology Solutions 

For more information, email Lisa Quaranta.

Powered by ViClarity, a California and Nevada Credit Union Leagues company.

 

Become an Industry Supporter

Get membership information

Please contact me about compliance

Contact me about Credit Union Solutions

Education & Professional Development