March 02, 2016

Berger talks Wendy's breach in Krebs

NAFCU President and CEO Dan Berger talked to KrebsOnSecurity's Brian Krebs Wednesday about the negative impact the Wendy's data breach has already had on credit unions – and how the breach may be even worse than those at Target and Home Depot.

"This is what we've heard from three different credit union CEOs in Ohio now: It's more concentrated and the amounts hitting compromised debit accounts is much higher than what they were hit with after Home Depot or Target," Berger told the security blog. "It seems to have been been [the work of] a sophisticated group, in terms of the timing and the accounts they targeted. They were targeting and draining debit accounts with lots of money in them."

Krebs reported the Wendy's breach in January. Wendy's said that malware designed to steal card data was found on some systems but said it did not know the extent of the breach or how many consumers were affected.

Berger also shared a story from an anonymous credit union CEO to highlight the severity of the breach; the CEO estimated that his or her credit union might face "5 to 10 times the loss" it faced after the Target and Home Depot breaches.

Berger told Krebs that NAFCU member credit unions are trying to determine whether to reissue cards for any members who have made Wendy's purchases recently. Krebs noted that Wendy's has also not offered a timeline for the breach or said if it has been contained yet.

Also on Wednesday, NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt wrote an editorial in The Hill pushing back against retailer claims that EMV technology is sufficient to stop data breaches. She pointed out that EMV technology would not have stopped the Target or Home Depot breaches and that it does not help prevent fraud in online shopping.