FinAi News

No products in the cart.

Subscribe
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
Log In
No Result
View All Result
  • Banking
  • Lending
  • Payments
  • Risk & Security
  • Strategy
FinAi News
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
BAN PLUS
Log In
No Result
View All Result
FinAi News
No Result
View All Result

Leaked employee credentials, older software could put credit unions at risk

Credit Unions fend off rising cyber threats with automated solutions

Jaspreet KalrabyJaspreet Kalra
March 23, 2021
in Risk & Security
Reading Time: 3 mins read
0
Share on Facebook

As credit unions increasingly pivot to digital platforms and solutions, flaws in their cyber meshes may become an expensive point of weakness.

Credit unions face risks associated with out-of-date operating systems and employee credentials leaked onto the dark web, according to a report released last week by cyber-risk rating platform Black Kite. With about 5,200 credit unions operating in the U.S., the report offers a snapshot of the risks facing them, their vendors and their customers in an increasingly digitized system.

The report combined data gathered by the firm’s cyber-risk platform with publicly available information, including some found on the dark web, to assess the credit unions’ security. For the report on the credit unions and their vendors, the Boston-based company adopted a “hacker’s point of view,” Bob Maley, the firm’s chief information security officer, told Bank Automation News. Black Kite’s platform is utilized by lenders like the $1.4 billion Bay Federal Credit Union in Santa Cruz, Calif., and analytics software provider Alteryx, among others.

An overwhelming majority of the 250 credit unions surveyed for the report, or 86%, had at least one breached employee credential available on the dark web, and more than 70% used at least one login form that doesn’t restrict excessive authentication attempts using bots — opening the door for attempted attacks. Such attacks occur when a malicious actor sends multiple requests, often via a bot, to access the attacked website and breach the website’s traffic capacity, thereby crashing it.

As cyber threats continued to rise throughout 2020, with attacks on platforms like Twitter and IT vendor Solar Winds, automation may offer a solution for financial institutions. Machine learning-based models can help reduce false positives by taking additional information into account, like name, birth date, etc., although deploying them usually involves a lengthy training process.

Some credit unions, like the $13 billion First Tech Credit Union in Palo Alto, Calif., have implemented solutions based on artificial intelligence for threat monitoring that can “determine if it is a person or a bot using their systems, based on how fast they are typing,” said Mike Upton, chief digital and technology officer at First Tech. He said the credit union uses a multilayered defense strategy that includes “user authentication, firewalls, human analysts, and verification of transactions and logins.”

While Maley declined to comment on whether Black Kite services any of the unions analyzed by the report, he said “so many new [data] dumps” have appeared on the dark web in recent months, it may indicate hackers’ increased interest in credit unions as consumers lean toward local banking. Vendors used by credit unions could also be leveraged as a gateway into their systems by nefarious actors since “one of the most common data breach amplifiers is third-party involvement,” the report states.

Threats to credit unions are coming from all sides. Eighty-eight percent of the vendors analyzed in the report do not have a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy record for email authentication, which could expose credit unions to spam and phishing attacks. Also, about 65% of vendors use an “invalid, incorrect, expired, or self-signed,” security sockets layer (SSL) certificate. The certificate enables encryption and ensures information travels safely on the internet; without it, customers can be at risk.

While passwords have long been the sentries of our digital world, an increasing reliance on them and cross-purpose use can also put users at risk. “Bad actors are good at figuring out what we do,” Maley told BAN.

Bank Automation Ignite, on April 13-14, is the event for inspiring automation initiatives and investment in financial services. At the virtual event, financial services professionals can discover new use cases and technologies that are accelerating automation in banking. Learn more and register at www.BankAutomationIgnite.com.

Tags: credit unionscybersecurityPremium
Previous Post

Cloud data platform Aunalytics targets mid-sized financial institutions with automated analytics

Next Post

Old National Bank further enhances credit and risk strategy with OakNorth’s Credit Intelligence Suite

Related Posts

Flagright logo
Risk & Security

VCs invest in AI anti-crime compliance systems

June 30, 2026
(AI-generated)
Risk & Security

BOE’s Breeden warns AI agents risk causing market meltdowns

June 30, 2026
Cybersecurity locks among multiple data points
Risk & Security

CISA creates cybersecurity prioritization, patch protocol

June 29, 2026
Next Post
Old National Bank further enhances credit and risk strategy with OakNorth’s Credit Intelligence Suite

Old National Bank further enhances credit and risk strategy with OakNorth’s Credit Intelligence Suite

EMERGING FINTECH DIRECTORY

Emerging Fintech Directory

The Buzz Podcast

SPONSORED

How AI and Product Experts Turn Fuzzy Requirements Into Focused Dev-ready Roadmaps

April 19, 2026

Is Your Technology Supplier There for You?

April 1, 2026

Hiding in Plain Sight: How to Use Data to Spot Consumer Accounts Being Used by Small Businesses

November 10, 2025

  • About Us
  • Help Center
  • Contact Us
  • Privacy Terms
  • ADA Compliance
  • Advertise

 [wt_cli_manage_consent]

Connect

twitter linkedin podcast podcast podcast
© 2026 Royal Media
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Unlock This Article

Create your free FinAi News account to access this article and stay informed on how AI is transforming financial services including banking, lending, payments, and risk.

Yes, I'd like to receive FinAi News updates, breaking news, and exclusive AI insights for financial services leaders.

Continue Reading with FinAi News Premium - Less than $2/Day

Upgrade to FinAi News Premium for unlimited access to news, insights, trends, and intelligence on how AI is transforming financial services including banking, lending, payments, and risk.
Upgrade to FinAi News Premium Subscription
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account