OCC Issues Alert On DDoS Cyber Attacks


On December 21, the OCC issued Alert 2012-16, which provides a general description of recent distributed denial of service (DDoS) attacks directed at national banks and federal savings associations, along with risk mitigation information and references to related risk management guidance. The alert also reiterates the OCC’s expectations that banks should (i) be prepared to provide timely and accurate communication to their customers regarding Web site problems, risks to customers, precautions customers can take, and alternate delivery channels that will meet customer needs, (ii) consider the recent DDoS attacks and concurrent fraud against customer accounts as part of their ongoing risk management program, (iii) incorporate information sharing with other banks and service providers into their risk mitigation strategies, (iv) report DDoS attack information to law enforcement authorities and notify their supervisory office, and (v) voluntarily file a Suspicious Activity Report if a DDoS attack affects critical information of the institution including customer account information, or damages, disables or otherwise affects critical systems of the bank.