- Ransomware attacks impacting critical systems or data.
- Unauthorized access to an information system containing a substantial amount of sensitive member information.
- Data breach exposing a substantial amount of employee personal identifiable information.
- Distributed denial of service attack causing significant downtime.
- Phishing attack resulting in successful installation of malware.
- Theft or loss of unencrypted device containing sensitive information.
- Compromise of online banking platform or mobile application.
- Social engineering attack leading to fraudulent wire transfers.
- Unauthorized alteration or destruction of financial data.
- A computer hacking incident that disrupts a federally insured credit union’s operations.
- Third-party notification to a federally insured credit union that the third party has experienced a breach of a credit union’s sensitive member information.
- A detected, unauthorized intrusion into a network information system.
- Discovery or identification of zero-day malware in a network or information system.
- Internal breach or data theft by an insider.
- Sensitive data exfiltrated outside of the federally insured credit union’s or a contracted third party in an unauthorized manner, such as through a flash drive or online storage account.
- Member information compromised because of card skimming at a credit union’s ATM.
- Misconfiguration of information system(s), such as application programming interfaces, databases, storage accounts, exposing a substantial amount of sensitive member information.
Appendix A: Examples of Substantial Incidents that Likely Would Qualify as Reportable Cyber Incidents
Last modified on