June 12, 2014 – NAFCU President and CEO Dan Berger yesterday reiterated a call for national data security and breach notification standards for retailers amid reports of a data breach at nationwide restaurant chain P.F. Chang’s China Bistro. “It has been almost six months since Target’s data breach, and we still have no new data security standards for retailers,” said Berger. “Since Target, there has been a major data breach discovered almost every month. The continued lack of national data security standards is an open invitation to cybercriminals.”KrebsOnSecurity.com reported that thousands of stolen cards that were all used at P.F. Chang’s in March were being sold on the same underground store that sold tens of millions of cards taken during the massive Target Corporation data breach late last year. The site also reported that the cards being sold are advertised at “100 percent valid” meaning that 100 percent of the cards sold are guaranteed to work.A recent report from Intel Security and the Center for Strategic and International Studies noted that cybercrime is costing the global economy $575 billion and the U.S. economy $100 billion annually. The report estimated that 40 million people in the U.S. and 800 million worldwide have had information stolen.NAFCU, amid ongoing reports of retailer data breaches, including those at Michaels Stores, the Target breach and others, is continuing to press lawmakers for action on national standards on data security and breach notification for retailers. Credit unions and banks are already subject to such standards under the Gramm-Leach-Bliley Act, but retailers are not.
NAFCU Vice President of Legislative Affairs Brad Thaler reiterated NAFCU's concerns in a letter last night to House and Senate leaders.