NCUA Notifies Credit Unions on CISA Cybersecurity Advisory

Credit unions are being encouraged by the National Credit Union Administration (NCUA) to review a cybersecurity notification from the Cybersecurity and Infrastructure Security Agency (CISA), which recently published a “Progress Software Releases Security Advisory for MOVEit Transfer” regarding a critical vulnerability impacting the MOVEit Transfer web application.

You can view details of the vulnerability here.

“MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems,” CISA stated. “There exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action.”

To address this issue, the NCUA noted CISA is advising credit unions to review the MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively search for any signs of malicious activity.

According to the NCUA, a credit union finding an episode/event should:

• Give notice of the incident to its respective regulatory authority (the state regulator or the NCUA).
• Notify the CISA through its operations center (report@cisa.gov), or call 1-888-282-0870.

Review if data/information has been compromised. If so, then a credit union should report the incident to the local Federal Bureau of Investigations (FBI) field office.