Berger, citing Equifax, urges Congress to move on data security standard

NAFCU President and CEO Dan Berger, writing Congress, on Friday reiterated the need for a national data security standard.

September 11, 2017

NAFCU President and CEO Dan Berger reiterated a call to House and Senate leaders for a national data security standard after news of the massive data breach at consumer credit reporting agency Equifax that exposed sensitive data of as many as 143 million Americans.

"Data breaches have become a constant concern of the American people. Major data breaches now occur with an unacceptable level of regularity," Berger wrote in a letter Friday to Senate Majority Leader Mitch McConnell, R-Ky., and Senate Minority Leader Chuck Schumer, D-N.Y., House Speaker Paul Ryan, R-Utah, and House Minority Leader Nancy Pelosi, D-Calif.

"A recent Gallup poll found that 69 percent of U.S. adults are frequently or occasionally concerned about having their credit card information stolen by hackers," he continued. "These staggering survey results speak for themselves and should demonstrate the need for greater national attention to this issue. The massive breach at Equifax, and the report that they had known about it for weeks without notifying consumers, is yet another demonstration of the need for a legislative solution."

Credit unions and other financial institutions, Berger noted, have been subject to federal standards on data security since the passage of the Gramm-Leach-Bliley Act (GLBA). These standards are not imposed on retailers and many other entities that handle sensitive personal financial data. "Americans’ sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain," he wrote.

Berger pointed out that the nation's not-for-profit, cooperative credit unions suffer steep losses making members whole following a merchant data breach, and their members ultimately pay those costs.

The Equifax breach, reportedly discovered July 29, made vulnerable up to 143 million consumers' Social Security numbers, birth dates and home addresses, plus some driver's license numbers. Hackers are said to have obtained 209,000 consumers' credit card numbers and credit dispute documents for as many as 182,000 others. The firm said there were no intrusions into core consumer or commercial credit reporting databases.

The need for a national data security standard is a key issue for credit union attendees of NAFCU's Congressional Caucus this week in Washington. Hundreds of credit union leaders are in town for Caucus, and they've scheduled some 200 meetings with lawmakers on Capitol Hill to discuss their concerns. More on this week's key issues can be found here.


Related Links