Newsroom

FOR IMMEDIATE RELEASE | December 02, 2015

NAFCU Statement In Response to Report of Proposed $39 Million Target Settlement with Financial Institutions on Data Breach

FOR IMMEDIATE RELEASE

NAFCU Statement In Response toReport of Proposed $39 Million Target Settlement with Financial Institutions on Data Breach

Washington (Dec. 2, 2015) - National Association of Federal Credit Unions (NAFCU) Senior Vice President of Government Affairs and General Counsel Carrie Hunt issued the followingstatement in response toa Reuters report of a $39.4 million settlement from Target Corp. with financial institutions based on the retailer's massive data breach in 2013.

"In the two years since Target's huge data breach, consumers are still extremely vulnerable to cybercriminals during yet another holiday shopping season," said Hunt. "We continue to urge Congress to act to protect consumers' financial information by enacting national data security standards for retailers and holding them directly accountable for their data breaches."

"Much more needs to be done to make credit unions whole," Hunt continued. "Member-owned credit unions deserve to be fully compensated."

The 2013 Target breach exposed approximately 40 million credit and debit cards to fraud. The full cost of the breach to financial institutions still remains to be determined. Target also said personal data, such as email addresses and phone numbers, for as many as 110 million persons was also stolen.

The report said a preliminary settlement was filed today in federal court in St. Paul, Minn., and requires court approval. The settlement goes to financial institutions whose payment cards were at risk in the breach and which had not released claims against Target.

Credit unions and other financial institutions already protect consumers' personal data under the provisions of the 1999 Gramm-Leach-Bliley Act (GLBA). Unfortunately, there is no comprehensive regulatory structure similar to GLBA for other entities, such as retailers, that handle sensitive personal and financial data. Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., introduction of the bipartisan S. 961, the "Data Security Act of 2015," and the companion House bill introduced by Rep. Randy Neugebauer, R-Texas, and Rep. John Carney, D-Del., H.R. 2205, is the ideal bill currently before Congress that would set a national data security standard for retailers akin to GLBA while acknowledging financial institutions existing adherence to GLBA standards.

NAFCU was the first financial trade organization to call for nationaldata securitystandards for retailers, and itcontinuesto push for legislative action on Capitol Hill. NAFCU is a member of the Payments Security Task Force, a diverse group of participants in the payments industry that is driving a discussion on payments system security. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.

The National Association of Federal Credit Unions is the only national trade association focusing exclusively on federal issues affecting the nation's federally insured credit unions. NAFCU membership is direct and provides credit unions with the best in federal advocacy, education and compliance assistance. www.nafcu.org.

###

Patty Briotta
Director of Public Relations
Office:703-842-2820
pbriotta@nafcu.org