ALEXANDRIA, Va. (Jan. 15, 2015) – The National Credit Union Administration Board has approved payment of up to $50,000 for costs associated with a data breach at Palm Springs Federal Credit Union of Palm Springs, California.
NCUA will pay the credit union for activities such as credit report monitoring for members, credit union staff time associated with the breach and legal fees. To date, the related costs associated with the data breach are approximately $36,000. Payments will come from NCUA’s existing operating funds. In the event costs ultimately exceed $50,000, subsequent Board action would be required.
As a result of a failure to follow longstanding agency policies on securing sensitive data, a thumb drive given to an examiner was lost during an examination of Palm Springs Federal Credit Union. The thumb drive did not include passwords or PINs. NCUA has received no indication of any unauthorized access to members’ accounts or attempts to gain improper access.
NCUA takes its responsibilities for the security of credit union members’ personally identifiable information very seriously and is committed to ensuring data shared in exams is protected at all times. The agency is taking appropriate action with staff involved in the incident and is reinforcing training on protecting sensitive information and reviewing regulations, policies and procedures in this area. NCUA is also moving as quickly as possible to consider and adopt additional safeguards to protect electronic data.
NCUA is the independent federal agency created by the U.S. Congress to regulate, charter and supervise federal credit unions. With the backing of the full faith and credit of the United States, NCUA operates and manages the National Credit Union Share
Insurance Fund, insuring the deposits of account holders in all federal credit unions and the overwhelming majority of
state-chartered credit unions. At MyCreditUnion.gov, NCUA also educates the public on consumer protection and financial literacy issues.