March 09, 2014

Hunt to Congress: Retailers ramping up misinformation on data breaches

March 10, 2014 – NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt wrote all members of Congress Friday to counter the misinformation that retailers are promoting as they seek to draw attention from the lack of national standards for merchants' data protection.

Hunt said the Target breach still captures headlines due to its enormity, but breaches have continued since, with more recent ones coming to light at Neiman Marcus, Michaels and White Lodging.

"Just this week there have been reports of national breaches at both Smucker's and Sally Beauty," Hunt wrote. "In addition, many smaller breaches happen all too often on the local level, whether at your neighborhood grocer or convenience store. All told, according to the Privacy Rights Clearinghouse, there have been over 450 retailer breaches since 2007 resulting in the exposure of nearly 200 million consumer financial and personally identifiable records."

The Target breach alone has cost credit unions nearly $30 million, she said, though most credit unions "have yet to see a dime back from the retailers to cover these costs."

Hunt advanced three suggestions that could help ease the burden of data breaches on consumers:

  • National standards for safekeeping information: It is critical that a consumer's sensitive personal information be safeguarded at all stages of transmission.
  • Notification and disclosure standards: Guarantee that all necessary parties are informed in a timely manner when and where a data breach has occurred; identify potential identity theft threats; share information as appropriate so issuers can respond to red flags quickly.
  • Limited consumer liability: When a data breach occurs, provide affected consumers with necessary resolution tools such as remuneration; monitoring accounts for fraud; reissuing cards and other tools necessary to help them recover from financial burden.

Credit unions are already doing the above now, she said.

Hunt is also preparing to moderate a March 27 NAFCU webcast on the Target data breach and appropriate measures for protecting credit union members.