CUs still paying costs of Target breach, more
March 14, 2014 – NAFCU’s March Economic and CU Monitor confirms that credit unions bear a significant share of the cost burden associated with merchant data breaches, from 2007’s TJ Maxx breach to the recent one at Target.
Credit union respondents to the Monitor survey indicated that they were expecting costs from the Target data breach to reach about $45,000 on average. NAFCU estimates the industry will likely lose $28 million from this breach alone.
When credit unions were asked about the cost impact of the 2007 data breach of TJ Maxx, respondents said they suffered losses of $81,000 on average due to the incident. Given that more than twice as many cards were exposed in the TJ Maxx breach as in the Target breach, this indicates that the loss situation for credit unions has not improved during that time.
As news of more merchant data breaches come to light, including the recently disclosed breaches at Sally Beauty and Smucker’s, NAFCU continues to press lawmakers for national data security standards that include mandatory disclosure of breaches.
In response to Monitor survey questions about EMV technology, 10.5 percent of respondents said they are already using the technology, and 76.3 percent are planning to do so in the future. With the October 2015 liability shift, 90.3 percent of those credit unions planning to roll out EMV cards will do so before the October deadline. Credit unions that have made EMV cards available say the average cost to implement was $5.53 per card.
Economic and CU Monitor