Corporate One multi-factor authentication security tokens not affected by NCUA Risk Alert

In August of this year, the NCUA published an Advisory issued by the National Security Agency (NSA) related to a potential breach of SecureID tokens that some credit unions use to authenticate users for online and network system access. Corporate One immediately posted on their Web site a notice that we do not utilize the potentially vulnerable RSA tokens that are the subject of the advisory for any data processing or member access.

Multi-factor authentication used by our members to access Corporate One systems, specifically MemberView, is achieved using different technology from a different vendor and is not affected by this vulnerability. At the time of the initial vulnerability disclosure from the NSA (March 2011), Corporate One conducted an internal risk review of our multi-factor authentication processes and found the vulnerabilities from RSA to be unrelated to our existing members’ authentication process. 

For any questions you have about the security surrounding Corporate One’s systems, please contact Corporate One’s AVP, IT Systems Security, Bruce Westbrook, or our Information Security Officer/Business Continuity Director, Bryan Fury at 866/MyCorp1 or bwestbrook@corporateone.coop or bfury@corporateone.coop, respectively.