Skip to main content
United States flag An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Show

Cyber Incident Reporting

Banner image

Cyber Incident Notification Requirements

NCUA 12 CFR 748 (You will be leaving NCUA.gov and accessing a non-NCUA website. We encourage you to read the NCUA's exit link policies. (opens new page).)

The National Credit Union Administration amended Part 748 of its regulations to require a federally insured credit union (FICU) that experiences a reportable cyber incident to report the incident to the NCUA as soon as possible and no later than 72 hours after the FICU reasonably believes that it has experienced a reportable cyber incident. This notification requirement provides an early alert to the NCUA and does not require a FICU to provide a detailed incident assessment to the NCUA within the 72-hour time frame.

Cyber Incident Reporting Quick Reference Guide

When to Report

A federally insured credit union that experiences a reportable cyber incident must report the incident to the NCUA as soon as possible and no later than 72 hours after the credit union reasonably believes that it has experienced a reportable cyber incident.

How to Report

To report a cyber incident, federally insured credit unions may notify the NCUA through the following channels:

What to Report

Federally insured credit unions should be prepared to provide the following information, if known, at the time of reporting.

  • Reporter Name and Title: Name and title of individual reporting the incident
  • Callback Number: Best callback number for the NCUA to contact regarding the incident
  • Charter Number: Do not include leading zeros
  • Credit Union Name: Name of affected credit union
  • Date and Time Identified: The date and time the credit union reasonably believes a reportable cyber incident took place
  • Description: A general description of the reportable cyber incident:
    • What services were impacted?
    • Was sensitive data or member information compromised?
    • What impact did it have on operations?

At the time of initial notification, do not send the NCUA:

  • Sensitive personally identifiable information;
  • Indicators of compromise;
  • Specific vulnerabilities; or
  • Email attachments.
Last modified on