NCUA’s Reckless Cybersecurity Standards Put Members at Risk

And the hits keep coming for the credit union industry regulator. Turns out the NCUA Inspector General has had a very busy couple of years. Shortly after the release of its 2018 Material Loss Review, the Office of the Inspector General released a new report revealing NCUA “did not adequately monitor, account or dispose of its IT materials” between 2014 and 2017. According to the report, NCUA was unable to account for 25 percent of all its IT equipment, a.k.a. materials holding sensitive and valuable financial and personal data of members.

As a financial regulator, NCUA should know that cybersecurity isn’t something to take lightly. When technology isn’t accounted for, it becomes easier and easier for those items to mysteriously go missing – whether by accident or knowingly by an employee with bad intentions (and as we’ve seen in the past year with the 20+ cases of embezzlement, fraud and theft, not all credit union and NCUA employees are to be trusted). There’s a major industry issue when not only the credit unions, but their regulator as well, are unwilling to protect members from these major threats.

You’d also think that after an NCUA examiner caused a major data breach in 2014 by losing a flash drive filled with members’ personal information, the industry regulator would have quickly set up a new system to prevent this from occurring again. It’s been five years, for goodness’ sake (and a reminder that it took NCUA three years to send credit unions a simple letter warning them of the effects of risky taxi medallion loans). But once again, we find NCUA’s incompetence working against any real progress, all at members’ expense.

The report also revealed that NCUA not only put credit union members’ personal financial data in jeopardy, but that it also chose to spend $440,000 on “unnecessary equipment” – funds that could have been better used to, say, support the credit unions that are actually serving communities of modest means.

And apparently credit union industry trade groups have “cautioned against making broad generalizations based on one report.” Here’s the problem (looking at you, CUNA and NAFCU) – this isn’t just one report. This is one of a series of negative reports from credible sources that point out NCUA’s ineptitude in a variety of ways. We can’t give NCUA the benefit of the doubt anymore, because it’s clear that the wellbeing of members and taxpayers is on the line.