United States flag An official website of the United States government
News Español Contact Us
Search
Show

Cyber Incident Reporting

Banner image

Cyber Incident Notification Requirements

NCUA 12 CFR 748

The National Credit Union Administration amended Part 748 of its regulations to require a federally insured credit union (FICU) that experiences a reportable cyber incident to report the incident to the NCUA as soon as possible and no later than 72 hours after the FICU reasonably believes that it has experienced a reportable cyber incident. This notification requirement provides an early alert to the NCUA and does not require a FICU to provide a detailed incident assessment to the NCUA within the 72-hour time frame.

Cyber Incident Reporting Quick Reference Guide

When to Report

A federally insured credit union that experiences a reportable cyber incident must report the incident to the NCUA as soon as possible and no later than 72 hours after the credit union reasonably believes that it has experienced a reportable cyber incident.

How to Report

To report a cyber incident, federally insured credit unions may notify the NCUA through the following channels:

What to Report

Federally insured credit unions should be prepared to provide the following information, if known, at the time of reporting.

  • Reporter Name and Title: Name and title of individual reporting the incident
  • Callback Number: Best callback number for the NCUA to contact regarding the incident
  • Charter Number: Do not include leading zeros
  • Credit Union Name: Name of affected credit union
  • Date and Time Identified: The date and time the credit union reasonably believes a reportable cyber incident took place
  • Description: A general description of the reportable cyber incident:
    • What services were impacted?
    • Was sensitive data or member information compromised?
    • What impact did it have on operations?

At the time of initial notification, do not send the NCUA:

  • Sensitive personally identifiable information;
  • Indicators of compromise;
  • Specific vulnerabilities; or
  • Email attachments.
Last modified on