There are far too many local to mid-size banks that have a shocking lack of security. Logins without HTTPS, banks using ancient transfer protocols, web sites that can recover your full password in plaintext.
My old mortgage company had a bug where if you hit the Login button twice, it would redirect to a GET request with my password on the query string. Good thing I was re-financing away to some other company that actually gave a shit.
Even with all of the security standards out there, like PCI, NIST 800-53, SOX, FedRAMP, etc., there is not enough enforcement to punish these fucking lazy assholes from leaking data like this. Even in the larger sectors, it's just a constant pattern of buying out more shitty banks with different platforms and policies, until you have this mess of mismatched everything that can't be unified into sane standards.
Is there a list of credit unions that are affected by this, or who are partners with CU Solutions Group? I couldn't find any information on their web site.