news.cuna.org/articles/Leagues_continue_to_share_data_breach_costs_with_media

Leagues continue to share data breach costs with media

November 17, 2014

MADISON, Wis. (11/18/14)--At the national level, the Credit Union National Association continues to push national legislative leaders to address data security breaches and the damage they do to American consumers. At the state level, credit union leagues continue to make their voices heard as well.

In a Nov. 15 interview with Albuquerque's KOAT-TV, Paul Stull, president/CEO of the Credit Union Association of New Mexico (CUANM), described the breadth of the data breaches.

"In New Mexico the cost has been over a million dollars this year alone just from Home Depot and Target," he said.

Data breach costs include card reissuance and increased service center costs--the recent survey from CUNA found that for the 7.2 million affected cards in the Home Depot breach the cost was $8.02 per card, or more than $57 million in total costs.

Between reissuing cards and fraud losses, consumers eventually pay for those costs in higher fees or different prices on loans and deposits, Stull told KOAT-TV.

New Mexico is one of three states that does not have a security breach notification law, which most commonly requires private or government entities to notify individuals of security breaches of information involving personally identifiable information.

Stull told News Now that CUANM is working to inform the state's new attorney general, Hector Balderas, about the need for data breach legislation. "If you live in New Mexico, you are probably more at risk after a data breach," he said. "You can't be vigilant about protecting your information if you don't know a breach has happened."

He added that New Mexico continues to fall further behind in data breach protection. "Our objective is to be able to get the information out that consumers need to be alert," he said. Meanwhile, other states are strengthening their own current laws because of a lack of legislation at the national level.

Last week also saw an op-ed by Rich Schaffer, senior vice president of the West Virginia Credit Union League, in The State Journal, Charleston, W.Va.

"Thus far in West Virginia, the total number of credit union-issued credit and debit cards affected by the Home Depot breach tops 22,000, with a total impact of $160,000. Those numbers are likely to rise," Schaffer wrote in the Nov. 13 piece.

He noted the results from both surveys CUNA performed after the Target and Home Depot data breaches.

"The combination of those two breaches alone (to say nothing of breaches at other retailers and service providers this year) add up to significant expenses for credit unions. And who pays?" he wrote. "The consumer-members of not-for-profit credit unions."

Schaffer wrote, "In truth, all participants in the payment process have a shared responsibility to protect consumer data. But credit unions and their members have paid enough: It's time for others to take their share of the responsibility."

Stop the Data Breaches

Identity Theft: Who’s Got Your Number? electronic member seminar kit

Anytime Adviser ID Theft coach

Lock Down Your Smartphone drive-up envelope

Stickley on Security

Awareness Technologies/CUNA Strategic Services

DH Compushare/CUNA Strategic Services

SilverSky/CUNA Strategic Services

TraceSecurity/CUNA Strategic Services