March 19, 2014

90 days after Target breach, Berger stresses need for Congress to act

March 20, 2014 – Noting the lack of any forward movement on data security legislation in the 90 days since the Target breach, NAFCU President and CEO Dan Berger yesterday urged House and Senate leaders to act to protect consumers' financial information.

"It has now been 90 days since the Target breach became public, and Congress still has yet to act," Berger said. "As the number of data breaches at U.S. retailers continues to climb, so do the emotional toll and financial burden on tens of millions of consumers across the country. The colossal scale of recent data breaches continues to demonstrate the necessity for congressional action."

Last year's Target breach affected more than 110 million consumers, and both Target and Neiman Marcus told Congress they missed breaches in their own systems. Reportedly, Target also failed to react when its security firm reported a system vulnerability long before the holiday season breach was disclosed.

The Target breach alone has already cost credit unions nearly $30 million for fraud monitoring, reissuance of cards and actual losses, Berger wrote, plus untold costs for credit union staff time devoted to addressing related member service issues.

Credit unions and other financial institutions are already required to follow data security standards under the Gramm-Leach-Bliley Act. Given the ongoing rise in data breaches and identity theft, Berger said, "any entity that stores financial or personally identifiable information should be held to minimum standards for protecting such data."

Berger's letter went to Senate Majority Leader Harry Reid, D-Nev., and Minority Leader Mitch McConnell, R-Ky., House Speaker John Boehner, R-Ohio, and Minority Leader Nancy Pelosi, D-Calif. It was copied to all members of Congress.