Newsroom

Data breaches remained on the national radar last week as British Airways announced 380,000 card payments had been compromised in a data breach, and House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., introduced a long-expected bill that would establish national data breach notification requirements for all financial entities.

British Airways announced that consumers who booked flights with the company between Aug. 21 and Sept. 5 had their personal data – including credit card numbers, expiration dates and security codes, and names, street addresses and email addresses – stolen in the breach.

Those customers who were impacted should have received an email from British Airways informing them of the breach. The email encouraged them to contact their financial institutions and credit-card providers.

Luetkemeyer's Consumer Information Notification Requirement Act would amend the Gramm-Leach-Bliley Act to require a notice of unauthorized access that is likely to result in identity theft, fraud or economic loss by all financial entities, including credit bureaus, akin to what is already in place for financial institutions. In turn, entities with national data standards would be pre-empted from state established standards.

The legislation is a scaled-down version of a larger data security bill that Luetkemeyer released earlier this year. Luetkemeyer released the new bill in an effort to advance the issue yet this session; the House Financial Services Committee is expected to hold a mark-up of the legislation in the near future.

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system. The association has also shared with Congress principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.