In light of the recent large-scale data breach at Equifax, credit unions have been reaching out to NAFCU with questions. Strictly speaking, credit unions do not have any specific regulatory obligations with regard to this third-party breach, so how an individual credit union chooses to serve its members in connection with the breach is a business decision. However, as member-owned cooperative institutions, credit unions are often focused on how to assist members. Consumers may be confused about how to check if they are impacted by the breach and take steps that may limit the potential for identity theft.
Here are some resources for credit unions working with members may find helpful.
- The Federal Trade Commission's (FTC) Equifax Data Breach: What to Do webpage
- FTC's Business Blog post, Fraud alerts vs. credit freezes: FTC FAQs
- IdentityTheft.gov provides consumer-facing guidance specific to the Equifax breach
- CFPB's blog post Identity theft protection following the Equifax data breach
- Members can access their credit reports at AnnualCreditReport.com
- Equifax's Notice of the Breach, including ID Theft Prevention Tips and regulatory contact info
- Equifax's FAQs about the Breach
- Krebs on Security –The Equifax Breach: What You Should Know;
Credit unions may also consider revisiting guidance related to authenticating members' identities and identity theft red flags:
- NCUA regulation, identity theft red flags and related Letter to Credit Unions
- CFPB regulation on proof of identity
- Guidance on Authentication in an Internet Banking Environment (guidance and supplement)
NAFCU Resources and Information
- Free Webcast: Equifax Data Breach - Your Vital Next Steps (Available on-demand until September 28, 2018)
- NAFCU Compliance Blog post: Equifax Breach Update - What NAFCU Is Doing (November 3, 2017)
- NAFCU Compliance Blog post: After the Equifax Epic Data Breach Fail - What Next? (September 15, 2017)