Go to main content Virginia Credit Union League Virginia Credit Union League
Home NCUA Letter to Credit Unions (23-CU-07): Cyber Incident Notification Requirements

NCUA Letter to Credit Unions (23-CU-07): Cyber Incident Notification Requirements

Authored By: Lewis Wood on 8/14/2023

Beginning on September 1, 2023, all federally insured credit unions must notify the NCUA as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.

This letter summarizes the amendments to part 748, known as the Cyber Incident Notification Requirements rule. It also provides instructions on what and how to report to the NCUA, and includes examples of both reportable (see Appendix A) and non-reportable (see Appendix B) incidents. To facilitate incident reporting, the NCUA is also enclosing a cyber incident reporting quick reference guide.

Read the Letter to Credit Unions



« Return to "News" Go to main navigation