Feb. 4, 2014 – NAFCU President and CEO Dan Berger wrote two Senate panels Monday to urge action on national data security standards for retailers, noting that recent data breaches have cost credit unions nearly $30 million for post-breach monitoring, reissuance of cards, fraud investigations and more.Berger, writing in advance of a hearing by the Senate Banking Subcommittee on National Security and International Trade and Finance, told panel Chairman Mark Warner, D-Va., and Ranking Member Mark Kirk, R-Ill., that the Target data breach alone could cost credit unions nearly $30 million from the “monitoring, reissuance of cards and fraud investigations and losses from this breach.”
He asked the subcommittee leaders to carefully review NAFCU-backed S. 1927, the “Data Security Act of 2014,” as this legislation would increase requirements for businesses without burdening financial institutions – such as credit unions – already subject to data protection measures under the Gramm-Leach-Bliley Act.Berger said findings of a January survey of the association’s members showing that, on average, credit unions were notified more than 100 times in 2013 of possible breaches of their members’ financial information. The survey also found the cost for credit unions to replace new plastic cards to members ranged in cost from $5 to $15 per card.He reiterated those figures in a letter to the Senate Judiciary Committee, which holds a hearing today on cybersecurity.Of note during Monday’s subcommittee hearing:
NAFCU’s letter to the Senate Banking subcommittee was submitted to the hearing’s record. More hearings on data security are slated Wednesday by a House Energy and Commerce subcommittee and Thursday by the full Senate Banking Committee.NAFCU, the first financial trade to seek hearings and legislation immediately following the Target breach, will closely follow all hearings and will weigh in on its members’ behalf.