• No results found

Cyber Incident Response Communications Plan - August 2014.doc

N/A
N/A
Protected

Academic year: 2021

Share "Cyber Incident Response Communications Plan - August 2014.doc"

Copied!
16
0
0

Loading.... (view fulltext now)

Full text

(1)

MUFG U

NION

B

ANK

, N.A.

C

YBER

-S

ECURITY

I

NCIDENT

R

ESPONSE

C

OMMUNICATIONS

P

LAN

August 2014

(2)

I.

S

ITUATION

Cyber incidents impacting financial institutions with intended disruption to operations, identity theft, fraud through customer account takeovers and other crimes will continue to plague the industry. This

communications plan identifies the early communication response team, responsibilities the team, and alternatives for communicating with stakeholders.

II.

CYBER-SECURITY INCIDENT RESPONSE

T

ASKFORCE

INTEGRATED SERVICES/IT Dana Edwards Gary Lorenz CORPORATE COMMUNICATIONS Thomas Hoagwood Daniel Weidman

MARKETING / SOCIAL MEDIA CHANNELS Juan Silvera RISK / BURM Thomas McGovern LEGAL Gino Chilleri COMPLIANCE/PRIVACY OFFICE Robert Patchett

ENTERPRISE FRAUD MANAGEMENT Darcy Bass (Kathleen Fiumara – back-up) E-COMMERCE

Ramon Kurkchubasche

ENTERPRISE BUSINESS CONTINUITY Barry Gorelick

RETAIL CUSTOMER SERVICE / CALL CENTER Michael Kottwitz

LIAISON OFFICE Yujiro Nemoto

III.

T

ASKFORCE

R

ESPONSIBILITIES Integrated Services/IT

 Provide facts on technical information about the situation, impact, and approach toward mitigation for accuracy of messages.

 Regularly update the Taskforce to changes in the situation and mitigation efforts.

 Report to CIO’s and ECA, as necessary. Corporate Communications

(3)

 Manage consistency in communications across MUFG Union Bank.

 Coordinate messages with CEOA, West Coast President, EC members and Board of Directors, as necessary.

 Create overall enterprise messages; customer messages through channels.

Place Alert message (scroll) on Bridge intranet site, as directed.

 Execute internal and external communications to broader audiences (employee base; news media).

 Manage potential local, regional and national press around incident.

 Monitor responses of media and customers.

 Monitor for new developments with input from taskforce members.

 Inform CEOA, ECA, and Tokyo PRD, as necessary. Marketing/Social Media Channels

 Oversee marketing communications to customers/branch offices and customer channels.

 Provide FAQ’s for customer contact personnel to facilitate consistent responses/handling of customer inquiries.

 Manage alternative channels for customer communication (i.e. social media, ATMs, etc.).

 Determine with business units what special accommodations will be offered to impacted customers; coordinate details, create customer communications, initiate training.

 Manage e-Marketing strategy and outreach via web, social media applications, etc.

 Coordinate related advertising, as appropriate. Risk/BURM

 Report to Enterprise Risk Management

 Report to, and coordinate with, the Cyber Risk Management Office (proposed)

 Identify and continue to refresh areas most impacted by attacks.

 Continually review readiness to respond to attacks. Enterprise Business Continuity Planning

 Gather facts about the impact to business operations.

 Engage appropriate Incident Response Team(s) and lead event calls.

 Coordinate response, recovery and appropriate remediation efforts.

 Coordinate internal communications/notifications.

 Gather incidental costs of the event (i.e. FTE hours, damages, recovery). Legal/Compliance/Privacy Office

 Provide review of various external communications to check consistency with laws and risk exposure to the bank.

 Notify regulators and provide updates as needed (close coordination with IS/IT, OCC and FRB).

 Consider other actions as outlined in any recent regulator directives.

 In conjunction with Investor Relations, consider whether an event should be disclosed per SEC Disclosure Guidance of October 2011.

 File criminal case, as appropriate.

 Brief CRO, EC and RC. E-Commerce

 Test the following channels for external accessibility, report to the Taskforce on channel deposition: web OLB/IBB, Mobile and Text Banking.

 Work with Marketing to post appropriate outage messages on the web, assuming it is still a possibility.

(4)

Enterprise Business Continuity Planning

 Gather facts about the impact to business operations.

 Engage appropriate Incident Response Team(s) and lead

event calls.

 Coordinate response, recovery and appropriate remediation

efforts.

 Coordinate internal communications/notifications.

 Gather incidental costs of the event (i.e. FTE hours,

damages, recovery).

Retail Customer Service / Call Center

 Communicate with customers who have special circumstances and/or whose issue has been escalated to OOP as part of normal protocol.

Liaison Office

 Communicate with MUFG/BTMU.

IV.

T

ASKFORCE

O

BJECTIVES

Regardless of the type of cyber incident, it is vital for MUFG Union Bank to have a unified voice that delivers a consistent and factual message to various stakeholders about the situation and the actions the bank is taking to mitigate the attack. The goal is to at least maintain, if not enhance, the bank’s reputation with various internal and external stakeholders.

Reputation is why people conduct business with MUFG Union Bank – safety, reliability and commitment. Anything we do that questions these attributes can erode the value of our franchise. The Taskforce will need to address both perceptions and facts effectively with customers, employees, community groups, elected officials, news media and other constituents.

The overall objectives of the Cyber Incident Response Taskforce are to:

 Ensure that we protect the bank’s reputation with various constituents, including employees, customers, community groups, government officials and others.

 Focus on key concerns, including security of customer information.

 Understand the facts and impact on the bank’s constituents.

 Recommend both responses and actions that will improve the understanding of, and situation for, those constituents.

 Execute on the approved recommendations in a timely manner.

 Maintain consistency of messages and accuracy of information.

This Taskforce augments the broader Enterprise Business Continuity Planning for the bank, and is designed for quicker response to address potential reputational issues rather than business resumption of operations.

V.

T

ASKFORCE

P

ROCEDURES

 Business Continuity Planning/Corporate Communications coordinates conference call with Taskforce members.

(5)

 Determine extent of response and recommended possible actions across stakeholders groups (below).

 Determine which key stakeholders need to be notified, how quickly, and in what order.

 If media inquiries, ascertain potential negative impact on MUFG Union Bank, and recommended early response; Corporate Communications works with its external PR agency.

 In consultation with the CEOA (and other ECA members, as necessary), gain approval of initial message response and recommend actions.

 Corporate Communications will coordinate appropriate internal communications; and partner with business units reviewing customer communications.

 As required, work with Legal, Corporate Security, Information Security, Compliance and Privacy Office to reactively communicate nature and details of the incident to regulators and law

enforcement, and the steps being taken to rectify situation for customers.

 Monitor news reports to understand changing situation, update the taskforce of new developments, misinformation, or inaccuracies.

VI.

S

TAKEHOLDER

G

ROUPS

1. Customers (Eight lines of business) – Business Units lead with Marketing 2. Employees – Corporate Communications leads with HR partnership 3. Regulators – Legal, Risk Management, IRMG leads

4. Law enforcement – Corporate Security leads 5. FS-ISAC – Integrated Services/IT leads

6. MUFG/BTMU – Liaison Group in conjunction with ECA and Corporate Communications 7. Board of Directors – Michael Coyne leads

8. ECA – John Itokazu leads

9. News media – Corporate Communications leads 10. CBO’s/activists – Julius Robinson leads

11. Government officials (elected officials, non-regulatory) – Randal Hernandez, Tim Wennes 12. Investors/Rating Agencies – Mimi Mengis leads

VII. R

ESPONSIBILITIESOF

T

ASKFORCE

M

EMBERS

Corporate Communications

 Incident will become known either with initial news reports or notification from Integrated

Services/IT, Enterprise Business Continuity or other; Corporate Communications begins to monitor for external coverage, Enterprise Business Continuity will assemble Taskforce on a call.

 Develop company messages/positioning based on facts and plans to mitigate attack – seek approval of CEOA, West Coast President, EC members (as appropriate); distribute approved messages to Taskforce members.

 Create media standby statements (to be delivered by authorized spokespeople), messages/scripting for call centers, Q & A for employees.

(6)

 Designate media relations person to direct reporter calls, respond to calls in timely manner with holding statement and follow up with more details later.

 Provide the Taskforce an external perspective of impact to bank and perceptions created during early hours.

 Develop recommendations for internal communications and execute as appropriate.

 Collaborate with Business Units and Marketing on customer communications for consistency.

 Manage local, regional and national press around attack; handle most spokesperson duties unless situation requires comment from a senior executive.

Marketing

 Designate one point of contact in Marketing to act as overall point of contact for all marketing-related activities.

 Work with Corporate Communications to incorporate approved customer messages in appropriate channels (alternative websites, social media, email, ATM screens, etc.).

 Lead customer communication efforts.

 Evaluate alternative channels for customer communications (dark site, social media, ATM messages, etc.).

 Share timelines/project schedules with the team so there is a broad understanding of how long it takes to get in market based on communications channel.

 Determine who reviews material and who has final approval for all marketing-related communications.

Below are the contacts for each area as well as high-level project timelines to give some idea of process and timing to get each tactic in market. This could change depending on situation and resources available. Direct Mail, Collateral and Branch Merchandising

Customer Communications – Direct Mail

 Primary contact: Winnie Yip (SF)

 Backup contact: Shana Glasheen

 Tasks:

 Strategic Message Development

 Complete Strategy Overview Brief, with approvals from Task Force/CMO

 Creative Development

 Route for compliance review and feedback

 Finalize digital files and send to printer

 Print, production, letter shop

 Mail File Processing

 Request data files from BIA

 Review/approve final mail volume by product, market, etc.

 Send final mail file to printer

 Communications to branch/staff

(7)

 Engage Corporate Training and draft scripting, when applicable

 Route for compliance review and approval

 Draft Marketing Bulletin and FAQs, and submit for distribution and Retail Portal updates/publishing

Collateral

 Primary contact: Jeff Rausis (SF)

 Backup contact: Tina Churchill (SF)

 Tasks:

 Copy development + Creative design/layout

 Product compliance review, if required

 Marketing compliance review

 Corporate compliance review

 Agency production

 Distribution to branches

Branch Merchandising/Branch Communications

 Primary contact: Alicia Faugier (SF)

 Backup contact: Winnie Yip (SF)

There are several options for communications at the branch level: digital flat screens (Marin only), kiosks/posters, ATM marketing screens, tent cards, teller cards/mats.

The Service Level Agreements (SLAs) vary by tactic with ATM marketing screens having the longest lead time and digital flat screens being the fastest option (we can display a new message in a matter of hours).

 Tasks:

 Creative Development; Two to Three Options for Review

 One Option Selected; Creative Refinement

 Business Unit & Compliance Approval *

 Print Production

 Distribution

*This is not under our control but would hope we could shave some time off the established compliance review timeframe working with our colleagues in Legal/Compliance.

eMarketing

Each of the four relevant eMarketing channels has assigned a primary crisis contact in addition to a backup contact. The backup contact is always located in a different geographical area in the event that the primary contact is impacted by the crisis.

SLAs shown below reflect timing to execute and launch various tactics. These timeframes are counted from the time fully approved communications are received and require that a single point of contact (crisis project lead) for each channel is available for prompt and definitive final approval.

Public website - unionbank.com

 Primary contact: John Vasquez (LA)

 Backup contact: Anita Shaw (SF)

 Tasks:

 home page “alert” bar (red bar below large hero graphic)

 home page tile ad (blue or green text ad below alert bar on right of page)

(8)

 additional text box on a lower-level page (any of the above can link to this for more detail if necessary).

(Note: It is not recommended that tactics 1-3 above are used concurrently; they are intended to be presented as menu options.)

 SLA for the alert bar is 2 hours from acceptance of final approved copy. Tile ad and hero can typically launch within 8 hours, depending on complexity of request.

 Steps:

 As soon as possible, the crisis project lead should reach out to the public website contact to alert them of upcoming project, discuss expected timing of approved communications and confirm desired unionbank.com tactics.

 Crisis project lead sends final, fully approved communications to website contact.

 Website contact loads content into test site.

 Crisis project lead, as single point of contact, reviews communications in test and gives the final approval for launch via email.

 Communications in the event that unionbank.com is inoperable:

 In the event that a cyber-attack renders MUFG Union Bank’s corporate web site inoperable, the Taskforce, at its discretion, will request the eMarketing team to use the bank’s Facebook and Twitter pages to disseminate information to customers and the public at large, in accordance to procedures outlined below.

 MUFG Union Bank has started planning for the deployment of a “Dark Site” that could be used to communicate with customers and the public at large in the event that unionbank.com is not available.

 The “Dark Site” will be hosted outside of MUFG Union Bank’s infrastructure in order to ensure that it is available if the bank’s web hosting and publishing infrastructure is compromised. This site will use a simple template to make it easy to publish text-based updates; however it will be properly branded.

 Access to publishing on the “Dark Site” will be restricted to authorized parties only and the site will only be live when needed. The site will provide information on situation status and will refer customers to alternative channels (like the call center or mobile banking), depending on the situation.

Social Media

 Primary contact: Anita Shaw (SF)

 Backup contact: Jim Penn (LA)

 Tasks:

 A social listening program may be appropriate to monitor sentiment in the event that the crisis involves a risk to Union Bank’s reputation.

 SLA: 3-5 hours

 Steps:

 Alert from social listening platform indicates a negative sentiment has been posted by an influential source (based on number of followers).

 Determine whether the issue warrants possible social response.

 Notify the bank’s social media agency of situation for communication plan – response/no response/continue listening.

(9)

 If appropriate, provide customers with information on alternative channels for conducting business with the bank, including a branch visit, call center or mobile banking.

 Crisis project lead obtains approvals from stakeholders and Legal/Compliance.

 Publish response through designated channels. Online Advertising/SEM

 Primary contact: Anita Shaw (SF)

 Backup contact: Jim Penn (LA)

 Tasks:

 In the event of a major disaster where it is inappropriate to run promotional advertising, agencies will be notified within 2 hours to pause campaigns.

 Channel manager lead obtains feedback from stakeholders and taskforce on how long to suspend campaigns.

 Channel manager notifies agencies with time/date to resume advertising.

 Channel manager works with agency on cost of lost media, if any. Email

 Primary contact: Luis del Valle (SF)

 Backup contact: James Meono (LA)

 Tasks:

 Email to impacted customers

 Email to all customers

(Please note: MUFG Union Bank does not have emails for all customers. Depending on the situation, eMarketing can help determine whether email is an appropriate and effective tactic.)

 Based on the nature of the situation, eMarketing will make every attempt to distribute the final communications in as timely a manner as possible. Timeline will be largely driven by receipt of (1) final, approved copy and (2) the scrubbed list from BIA or ESB. (It is important to note that the database or LOB must be responsible for scrubbing any list.) In addition, a single point of contact for approvals is required.

 Steps:

 Email lead contacts BIA to establish email file data requirements and estimated delivery of file to eMarketing. Email lead will also contact ESB if necessary.

 Email lead contacts email vendor to alert of upcoming emergency email communication and establish production schedule. Email lead will also provide required testers list.

 Pre-determined emergency email template will be used for communication. No creative development required.

 Crisis project lead delivers final, approved communication content to email lead.

 Email lead will deliver (1) all email data files and (2) communication content to email vendor to for data importing and template coding.

 Email vendor will send out test communication to testers list and email lead will coordinate any necessary changes and provide final approval.

 Email vendor sends out communication and email lead will provide initial communication reporting to crisis project lead.

Advertising

 Primary contact: John VandeBrooke (LA)

 Secondary contact: Katie Feldman (SF)

In the event that the Taskforce determines that advertising efforts should be impacted by the crisis response, the Advertising team lead will be prepared to implement one or more of the following

(10)

scenarios. Steps and timing assumptions for each scenario are based on having approved direction, messaging guidelines, and budget parameters provided by Taskforce and Marketing lead.

Scenario 1: Suspend current advertising activity

 Advertising lead will notify creative and media agencies to determine how quickly, and at what cost, activity can be suspended. Agencies will respond with all information within 24 hours.

 Advertising lead will report timing and cost implications to Taskforce.

 Once determination is made to resume activity, Advertising lead will communicate start date to creative and media agencies.

Scenario 2: Update existing ads to incorporate crisis response messaging

 Advertising lead will work with creative agency to incorporate crisis response messaging into one or more existing ads.

 Timing of revised ads will depend on extent of messaging to be developed, but will likely be 3-7 days, depending on type of ad (Print, Radio, TV, etc.). [Note: Incorporating temporary messaging into Outdoor is unlikely because of production constraints.]

 Working with media agency, Advertising lead will determine earliest possible start date for revised ads. Start dates will depend on space and material close dates.

 Advertising lead will report timing and cost implications to Taskforce.

 Once determination is made to discontinue crisis messaging, Advertising lead will work with creative and media agencies to determine resumption date for general messaging.

Scenario 3: Develop specific response advertising and media plan

 If crisis response requires a new advertising campaign to be developed, Advertising lead will brief creative and media agencies on messaging, timing, and budget.

 Advertising lead will coordinate creative and media development with agencies. Timing will depend on types of ads and extent of media plan, but agencies will be prepared to work on accelerated timelines.

 Advertising lead will report timing and cost implications to Taskforce. Process for Posting Messages

This is the process that will be followed to post messages: 1. eCom and eMarketing are notified of an incident

2. Designated eCom and eMarketing individuals call into the incident call

3. On the call, determine the appropriate messages to post in which locations, if any

 Message will be drafted by eCom and approved by response management team 4. eMarketing to test and post message

Message Location Options:

These are the available message locations, the condition needed for use, and the party responsible for launching them. Customers must be able to reach the page for these messages to have any value. Locations: Location Necessary Condition Launched by Sample

(11)

Hero Space on Home Page Customer can reach home page eMarketing in Tridion Account Summary Page in Online Banking & Internet Business Banking Customer can login to OLB or IBB eMarketing in Bank Admin

Messages to be Pre-Approved and Staged for Display Online

eCom and eMarketing need to prepare online customer banners so they can be rapidly deployed. Once agreed upon, eCom recommends that these messages be produced, tested and staged so that they can be deployed quickly during an incident.

Master Descriptions

The following is master text to describe some of the most likely conditions that could occur. This text can be edited to describe the current condition during an incident.

Complete Outage – Online, Mobile, Text, IVR & Live Agents

Retail

Message What’s Not

Available

Online banking, mobile banking, text banking, and our automated telephone banking system are currently unavailable and telephone customer service associates are unable to provide service at this time.

What’s Available ATMs and branch offices are available for business.

Apology Service will be restored as soon as possible. We apologize for any inconvenience this may cause.

Commercial & Institutional

Message What’s Not

Available

Online banking, mobile banking, and our automated telephone banking system are currently unavailable and telephone customer service associates are unable to provide service at this time.

What’s Available Your Relationship Managers, branch offices and ATMs are available for business. Apology Service will be restored as soon as possible. We apologize for any inconvenience

(12)

Online & Mobile Outage

Retail

Message What’s Not

Available

Online banking and mobile banking are currently unavailable.

What’s Available Your account information is available through text banking, and our automated telephone system. To obtain account information with our automated telephone system, call us at 1-800-238-4486, provide your card or account number and PIN as requested, and follow the prompts. ATMs and branch offices are also available for business.

Apology Service will be restored as soon as possible. We apologize for any inconvenience this may cause.

Commercial & Institutional

Message What’s Not

Available

Online banking and mobile banking are currently unavailable.

What’s Available Your account information is available through our automated telephone system. To obtain account information with our automated telephone system, call us at 1-800-298-6466, provide access or account number as requested, and follow the prompts. If you have questions regarding your products and services, please contact us at 1-800-322-2778. ATMs and branch offices are also available for business.

Apology Service will be restored as soon as possible. We apologize for any inconvenience this may cause.

Online Only Outage

Retail

Message What’s Not

Available

Online banking is currently unavailable.

What’s Available Your account information is available through mobile banking, text banking, and our automated telephone system. To obtain account information with our

automated telephone system, call us at 1-800-238-4486, provide your card or account number and PIN as requested, and follow the prompts. ATMs and branch offices are also available for business.

Apology Service will be restored as soon as possible. We apologize for any inconvenience this may cause.

Commercial & Institutional

Message What’s Not

Available

Online banking is currently unavailable.

What’s Available Your account information is available through our automated telephone system. To obtain account information with our automated telephone system, call us at 1-800-298-6466, provide access or account number as requested, and follow the prompts. If you have questions regarding your products and services, please contact us at 1-800-322-2778. ATMs and branch offices are also available for

(13)

business.

Apology Service will be restored as soon as possible. We apologize for any inconvenience this may cause.

Example of Web Q&As for DDOS Attack

(Relevant Q & A would be developed for other type of incident)

MUFG Union Bank online services are currently unavailable. We are working to restore service as soon as possible.

Q: Why are online services unavailable?

A: MUFG Union Bank’s online services are experiencing extraordinarily high web traffic resulting from what is known as a Distributed Denial of Service incident. These incidents occur when a malicious party generates requests to MUFG Union Bank’s online web site that generate traffic many times higher than our peak capacity. Visitors to MUFG Union Bank’s online service may get a very slow or no response from our online services during this time.

Q: How does MUFG Union Bank respond to these incidents?

A: Each incident is different, but MUFG Union Bank responds to such incidents as rapidly as possible by altering how our online services respond to online requests. We also cooperate with our online service providers, federal authorities and other parties to mitigate malicious online activity. Q: Is MUFG Union Bank the only target in this attempt to disrupt service?

A: [Yes] No. MUFG Union Bank is one of many targeted U. S. financial institutions. All institutions are working with federal agencies and are collaborating to better prepare for possible disruptions in the future.

Q: How can I ensure there has been no access to my account?

A: You can sign up for online banking alerts that will allow you to receive information regarding transactions on your account. These tools are designed to help you manage your finances as well as allow you to monitor account activity and are free for online banking users.

Q: How am I to do my banking when online services are down? <Needs to be specific for each incident>

A: Account information is available through Mobile Banking and Text Banking. Access to account information is available through our automated telephone system and many activities can be

completed in the telephone system 24 hours a day. Customer service is available 7am-9pm Monday – Friday and 8am to 5pm Saturday or you can visit a local branch. ATMs and branch offices are also available for business. Service will be restored as soon as possible. We apologize for any

inconvenience.

Examples: Recorded IVR Messages when a Customer Calls During a DDOS incident (Other messages would be developed depending on the cyber incident)

General Statement

If you are currently unable to sign on to your online service, please be aware that we are working to restore service as soon as possible. You can obtain account information now using our automated telephone banking service.

Messages for Facebook and Twitter

(14)

BACKGROUND A DDoS incident is when a company’s website is intentionally flooded with an

extremely high volume of electronic traffic from multiple locations. This flood of traffic crowds out legitimate customers who are trying to use the bank’s website(s).

MESSAGES BEFORE SYSTEMS RESTORED Union Bank Facebook

Union Bank is currently experiencing a service interruption that is

intermittently impacting our customers’ ability to access unionbank.com.* We apologize for any inconvenience this has caused you. While we work to resolve this issue, please feel free to visit a Union Bank ATM** or local Branch or contact an Online Banking Specialist at (800) 238-4486, for assistance. Once again, we regret any inconvenience to our valued customers and we will provide updates as they are available.

Twitter

Our website is currently experiencing a service interruption which we’re working to resolve Sorry for the trouble For help call 8002384486. AFTER SYSTEMS RESTORED

Facebook

Union Bank experienced an Internet service interruption that temporarily impacted our customers’ ability to access unionbank.com.* We have since resolved this issue and unionbank.com* is now fully operational. We regret any inconvenience that our customers may have experienced. If you are still unable to log into our website and wish to speak to an Online Banking Specialist, please call (800) 238-4486 for additional troubleshooting.

Twitter

@UnionBank is fully operational after intermittent website disruption. Issue resolved! If still unable to log in call 8002384486 for help.

* This can be tailored to reflect the technology impacted such as unionbank.com, ATMs, and Mobile Banking. ** Confirm with BTS that account information is accessible through mobile app, text banking, and ATM channels.

VIII. M

EDIA

S

TANDBY

S

TATEMENTS

– E

XAMPLEFOR

DD

O

S A

TTACK

(Other standby statements would be adapted depending on the cyber incident)

Explanation and Apology BEFORE systems are back up

Option #1 - “MUFG Union Bank is experiencing an Internet service disruption that is intermittently impacting our customers’ ability to access our website or use our online and mobile banking services. We are working quickly to resolve this issue and regret any inconvenience that our customers may be experiencing.”

Option #2 - “MUFG Union Bank is experiencing intermittent outages on (website url's). Traffic to our site is heavy today and it's of a similar pattern to that seen by other banks over the past few weeks. We are working quickly to resolve this issue and regret any inconvenience that our customers may be experiencing.”

Explanation and Apology AFTER systems are back up

Option #1 - “MUFG Union Bank experienced an Internet service disruption that intermittently impacted our customers’ ability to access our website or use our online and mobile banking services. We worked quickly to resolve this issue and all of our systems are now fully operational. We regret any

(15)

Option #2 - “MUFG Union Bank experienced intermittent outages on unionbank.com. Traffic to our site was heavy yesterday and it was of a similar pattern to that seen by other banks over the past few weeks. We worked quickly to resolve this issue and all of our systems are now fully operational. We regret any inconvenience that our customers may have experienced.”

Customer Data/Data Security (if asked by knowledgeable reporter; response must be fact-based)

“We have no reason to believe that customer or account information is at risk.”

 “This denial of service attack has not affected any customer data. We are, however, taking appropriate measures, including working closely with federal law enforcement.”

 “We take online security seriously and are taking every measure to protect the company and our customers.”

IX.

D

ISTRIBUTED

D

ENIALOF

S

ERVICE

(DD

O

S) C

YBER

-A

TTACK

- Q&A

Examples

To be used for oral responses to customer inquiries. Not to be distributed outside the bank.

Q1. What is a Distributed Denial of Service (DDoS) Cyber-Attack?

A1. A DDoS attack is an attempt to disrupt online services for bank customers by external parties. The Internet-based disruptions can block thousands of customers from logging on to mobile and online banking services. Some customers who try to log on to their bank websites encounter delays, although affected banks’ services resumed normally after a few hours.

Q2. Who was responsible for these attacks?

A2. Multiple public sources have identified self-described “hacktivist” groups or those backed by foreign governments as claiming responsibility.

Q3. How are banks impacted by such attacks?

A3. DDoS attacks typically involve flooding of a bank's networks and servers with communications demands, causing websites and corporate networks to slow down or seize altogether.

Q4. Is MUFG Union Bank a target of this latest wave of attacks?

A4. Yes. We are on alert and taking appropriate measures to minimize the impact.

Q5. Is there a chance that customer information/data may be compromised under such an attack? A5. Maintaining confidential customer information is a top priority at MUFG Union Bank. We take online security seriously and are taking every measure to protect the company and our customers.

Q6. Is it safe to use MUFG Union Bank’s online, mobile or other Internet-based banking products and services?

A6. Yes. However, if we experience a disruption, we will notify you through other available channels. Q7. Is MUFG Union Bank working with law enforcement on this matter?

A7. Yes. MUFG Union Bank, like all U.S.-based financial institutions, is in contact with the FBI, the Department of Homeland Security and other agencies that are monitoring this critical matter.

Q8. What should I do if I experience any slowness on MUFG Union Bank’s online, mobile, or other Internet-based banking products and services?

A8. If you experience unusual slowness, you can sign off and try your request again at a later time, contact MUFG Union Bank’s customer service department, or visit your local branch for assistance.

(16)

X.

C

YBER

I

NCIDENT

R

ESPONSE TASKFORCE

C

ONTACT

L

IST

Enterprise Business Continuity Planning manages this list and uses the automated notification system (Send Now) for this Taskforce. The contact system follows this protocol: work email, work phone, cell phone, and home phone. The Taskforce contact system can be initiated by EBCP.

References

Related documents

,, Statement I: An entity shall determine Lhe present- value of defined. benefit obl igafioris ahd the fair value of any' plan assets

If the underlying cause of inflation is time inconsistency (a la Kydland and Prescott or Barro and Gordon), and if the central bank shares society's objectives

When the member is 55 years old, the CPF Board will deduct the member’s RA savings up to the Minimum Sum Cash Component (MSCC) that applies to him as the first instalment of

AC Utilizar trafo com secundário de 24V+24V minimo

But if barriers to movement into white collar jobs faced by farmers’ sons in the nineteenth century had persisted into the twentieth century, and only the distributions of fathers’

The following metrics assess the customer experience in order of customer-centricity within each of these service channels: chat, communities, email, social media and text

With this approach, CSPs are turning conventional retention strategies around, taking an incremental approach and using the business results of the early phases of their

Leaders consider when an opportunity zone guidance published proposed regulations clarify the income in exchange of prior to which an item of a taxpayer to provide a qualifying