CUNA reports:
NCUA issued a Letter to Credit Unions (23-CU-07) on the cyber incident notification requirements that go into effect Sept. 1. Credit unions will be required to notify the NCUA no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident or has received a notification from a third party regarding a reportable cyber incident.
The rule defines a cyber incident as an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system or actually or imminently jeopardizes, without lawful authority, an information system.
Read more at CUNA.org.