Credit Unions' Next Cybersecurity Threat Could Be an Inside Job
Sometimes the biggest cybersecurity threat to a credit union is its own employees.
[...]
Desjardins's breach touches upon the importance of credit unions being mindful of evolving data privacy laws. All 50 states have data breach notification laws, but at least 30 states have enacted or are considering bills that would amend existing laws, said Scott Wortman, a partner at Blank Rome.
But the Gramm-Leach-Bliley Act requiring institutions to have "an affirmative and continuing obligation to protect a consumer's privacy and the confidentiality of their personal information," remains pretty concrete, Wortman said.
"There's a question that regulators, whether it's federal regulators or regulators in the state, or I'm guessing regulators in Canada, too, are going to want to get to the bottom of," Wortman said. "And that is: How did one employee have so much access to such highly confidential information?"
"Credit Unions' Next Cybersecurity Threat Could Be an Inside Job," by Melissa Angell was published in Credit Union Journal on July 2, 2019.