January 13, 2014

Berger presses Congress anew on data security, urges NCUA engagement

Citing new revelations over the past weekend on additional merchant data breaches, NAFCU President and CEO Dan Berger on Monday called anew for Congress to act on merchant data standards and urged NCUA to engage with other regulators working on ways to ensure data is secure.

Berger, in letters to House and Senate leaders, reiterated NAFCU's call for hearings and legislation. He added that "as many cases of identity theft have been attributed to data breaches, and as identity theft continues to rise, any entity that stores financial or personally identifiable information should be held to minimum standards for protecting such data."

Berger also urged NCUA to engage with other regulators on this issue. "The FTC is currently exploring a range of regulatory options to assist consumers, business, and financial institutions," he wrote in letters to all three NCUA Board members. "NAFCU believes that the NCUA should ensure that credit unions are protected from any unnecessary regulatory burden and allow them to continue to provide quality services to their members."

Target, which already reported breach activity affecting nearly 40 million consumer accounts, late last week said another 70 million customers could be affected by personal-data theft. Neiman Marcus has now admitted to a breach, but it has not said how many may be affected. There are also reports that other retailers have been breached.

In his letters, Berger emphasized that credit unions and other financial institutions are already subject to stringent data protection requirements under the Gramm-Leach-Bliley Act, but merchants and retailers are not.

Air Academy FCU's Glenn Strebe, quoted in The Wall Street Journal on the Target breach, testified for NAFCU during a past hearing held on cybersecurity.

Glenn Strebe, president and CEO of NAFCU-member Air Academy FCU in Colorado Springs, Colo., was quoted in The Wall Street Journal saying his credit union did receive limited compensation in the past for a breach, but it was not enough to cover the cost of reissuing cards to members. He noted that so far on the Target breach, "We are the ones carrying all the water on this." Strebe was a witness for NAFCU in a past House subcommittee hearing examining cybersecurity and data security issues.