ALEXANDRIA, Va.—The fact that Target Corp.'s massive data breach may have resulted from thieves' use of a vendor's credentials sends a message that attention to third-party relationships is critical to protecting member data, said NCUA Chairman Debbie Matz.
According to a recent Bloomberg News report, forensic investigation indicates that hackers stole a vendor's credentials, which were then used to access Target's data system.
With cyber attacks becoming increasingly frequent and more damaging, credit unions need to be aware of their vulnerabilities and take the necessary steps to protect members' financial information and prevent service disruptions, according to Matz.
"This is a top supervisory issue for NCUA in 2014," she said. "Individual credit unions need to assess the security of their networks, and if they hire outside vendors to process information or provide security, they need to perform thorough, ongoing due diligence with those vendors to make sure they meet the highest standards of data security to protect information."
Congress is paying close attention to this issue this week.
Target's Executive VP and CFO John Mulligan is scheduled to testify Tuesday morning in front of the Senate Judiciary Committee in a hearing focusing on digital privacy, preventing data breaches and combating cybercrime.
Michael Kingston, a senior vice president and the chief information officer of the Neiman Marcus Group, is also scheduled to testify at the hearing. Like Target, Neiman Marcus was struck by data hackers during the all-important holiday shopping season.
In a previous interview with Credit Union Journal, Matz encouraged CUs to expand their cyber security expertise.
"Credit unions really need to stay on top of this issue, which means working with experts outside the credit union and not just relying on internal IT staff to protect their systems," she said. "If the credit union has a weakness in their internal systems it really is a weakness in the entire credit union system."
