February 02, 2018

Data breaches skyrocket in 2017; NAFCU reiterates call for national standards

U.S. data breaches in 2017 hit a new record high of 1,579 – a 44.7 percent increase over the number of breaches in 2016, according to the Identity Theft Resource Center (ITRC). This data affirms why NAFCU continues to be a leading advocate for a national data security standard for all entities that collect and hold consumers' personal and financial information.

Also of note from the ITRC's data: Of the five industry sectors tracked, the business category again saw the highest number of breaches – for the third year in a row – at 55 percent (870). The medical/healthcare industry came in second place with 23.7 percent (374) of the total number of breaches.

Hacking, which includes phishing, ransomware/malware and skimming, was the top kind of attack in 2017, resulting in 59.4 percent of the total breaches. Hacking incidents had the most impact on the business sector, with nearly 40 percent of breached businesses identifying this as the cause of the breach.

NAFCU has shared with congressional leaders its guiding principles for data security legislation, which include:

  • requiring entities to be accountable for related costs of data breaches that occur on their end, especially if the breach is caused by that entity's negligence;
  • requiring all entities that store consumer data to meet standards similar to those imposed on depository institutions under the Gramm-Leach-Bliley Act (GLBA);
  • requiring merchants to post their data security policies at the point of sale if they take sensitive financial data;
  • informing financial institutions of any compromised personally identifiable information when associated accounts are involved;
  • disclosing names of the companies and merchants whose data systems have been violated so consumers are aware of those that place their personal information at risk;
  • enforcing violations of existing agreements and law by those who retain payment card information electronically; and
  • having the evidentiary burden of proving a lack of fault rest with the negligent entity that incurred the data breach.

Last November, the association testified before a House Financial Services subcommittee and recommended ways to curb data breaches. In response to NAFCU's testimony, the House Financial Services Committee is expected to continue work on data security this year, with more hearings and potential legislation.

NAFCU was the first financial trade group to call for a national data security standard for retailers in the wake of the 2013 Target breach.