Protecting Union Members’ Data: What You Should Know and Do

Last updated on June 13th, 2024

With growing frequency, cybercriminals are targeting unions, prompting a greater need for cybersecurity awareness, training, and protocols at all levels.

Last year, the Boston Pipefitters Union saw $6.4 million stolen from its health fund. In November, the Allied Pilots Association was the victim of a ransomware attack. Early this year, an SEIU local in California was breached, resulting in the possible exposure of member Social Security numbers, home addresses, birth dates, and more. Unions play a vital role in fighting for members’ rights and, like all organizations, they must also proactively put plans in place to protect union systems, funds, and sensitive information about members.

Why? A cyber attack can have far-reaching implications, ranging from financial loss, disruption of operations, recovery costs, and legal fees to damage to an organization’s reputation and loss of member trust. Cyber attacks are also easy to carry out, through dubious links in emails that look like they come from legitimate sources or thumb drives embedded with a virus. Unfortunately, simple deceptions can wreak havoc on systems and organizations.

While a common misunderstanding is that cyber criminals focus on only the largest of organizations, it’s important to recognize that a certain contingent of cyber criminals focuses on smaller operations or low-hanging fruit that provides easier access to data and ransom fees. (That’s why school districts and local municipalities are frequent targets. With outdated infrastructure and limited resources, it’s easier for cyber criminals to breach their systems, causing chaos by locking systems for days or weeks and holding sensitive information for ransom.)

With the average cost of a cyber breach estimated to be over $4 million in 2023, organizations of all types and sizes – including unions and locals – need to make cybersecurity an ongoing priority. If your local handles members’ personally identifiable information like birth date, Social Security number, home address, phone number, and email address – not to mention any financial information – it’s critical to take steps to proactively protect this data while also having a plan so you know what to do should a breach occur.

A cybersecurity plan can include clearly defined roles and responsibilities; annual risk assessments and audits (including audits of third-party service providers); data encryption and controls; a response plan; periodic training and communications; and more. By having one in place, you can reassure members that the union is always looking out for their best interests.

A good place to start is with your union’s parent organization to see what policies, protocols, and tools are available to protect members’ information and union systems. In addition, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) provides valuable free resources and tools, including the Shields Up program, which is designed to help organizations prepare for, respond to, and mitigate the impact of a cyberattack.

As you explore what your local can and should be doing to protect member information, please remember RBT CPA professionals are available to provide accounting, tax, audit, and advisory services. To find out how we can be Remarkably Better Together, give us a call.


RBT CPAs is proud to say 100% of its work is prepared in America. We do not offshore work, so you always know who is handling your organization’s financial information.