Newsroom

NAFCU President and CEO Dan Berger said Yahoo's admission that a separate data breach has jeopardized the information of more than 1 billion of its account users is proof of the need for Congress to enact national data security standards for merchants.

"These continued attacks on consumers' personal and private information have got to stop," said NAFCU President and CEO Dan Berger. "Congress needs to pass strong national data security standards as soon as possible next year. Cybercriminals are only getting stronger and more creative the longer we leave gaps in our cyber and data security frameworks."

Yahoo's announcement comes only a few months after a separate disclosure of a breach affecting 500 million of its users. The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, passwords and possibly encrypted or unencrypted security questions and answers, the company confirmed.

In its company statement, Yahoo said the account data of more than 1 billion users was hacked in August 2013. The company noted that in some instances the hackers forged cookies that could allow an intruder to access users' accounts without a password. Yahoo said some of the activity from this attack has been connected to the same criminals believed to be responsible for the data breach disclosed in September.

NAFCU has fought for national standards to ensure that merchants protect data and take responsibility for breaches that occur on their end. The association will push for the reintroduction of legislation such as the "Data Security Act" (H.R. 2205/S. 961) in the next Congress.