Image Image


News Archive

Target data breach cost to WI credit unions? $600K and counting

The costs to credit unions from the Target stores’ data breach total over $30 million, with close to $600,000 of that amount falling on the shoulders of Wisconsin credit unions. These losses hurt credit union members because credit unions are not reimbursed by the retailers where breaches have occurred. So the credit union movement has addressed both the media and Congress to explain who pays for a breach as well as the need for greater accountability that can stem future costly data theft and instill consumer confidence in the U.S. payments system.


ImageThe Target breach resulted in the theft of 40 million debit and credit cards, and encrypted PIN data, and the names, mail and email addresses, and phone numbers of up to 70 million individuals.


The arts-and-crafts stores Michaels subsequently made the news for another big data breach—on the heels of one it experienced only a few years ago—and luxury retailer Nieman Marcus reported a months-long breach simliar to that of Target, compromising the personal information of millions more Americans. An eight-state data breach involving Mariott Hotels soon followed.


As these events unfolded, credit unions received compliance tips to aid their follow up and the NCUA renewed warnings to consumers about increased opportunity for scam artists to play on consumers' fears to conduct telephone scams.


The Credit Union National Association has zeroed in on the Target breach to:


  • Assess the cost to credit union member-owners. The estimated $30 million in costs, as of mid-January is likely to rise over time as more credit unions tally their costs and as the incidents of fraud related to the breach become known. The initial cost estimate reflects only the cost of reissuing cards and the additional costs associated with informing members. Credit unions are urged to re-submit cost information to the Credit Union National Association (CUNA) through its online survey.


  • Set the record straight on who bears breach-related costs. It was erroneously reported by some media that Target would reimburse card issuers for the losses they incurred. An-op ed by CUNA CEO Bill Cheney in the Huffington Post and a Bloomberg radio interview explained that credit unions alone, and their members, are left holding the bag for breach-related expenses. The Associated Press distributed the credit union loss estimates gathered from CUNA’s survey to media outlets nationwide, and coverage appeared in major media outlets including the Wall Street Journal, The Hill, MSN Money, and Yahoo!Finance. In part, CUNA refuted a claim by retailers that "chip and PIN" technology, like that used in Europe for plastic cards, is a "silver bullet" solution. In fact, it would not have prevented the theft of consumer marketing data.

    Communicate our position, concern for data safety

    Credit unions’ position on data security is that for the electronic payments system to continue working safely on behalf of consumers, credit unions, banks, processors, networks and merchants all must do their part. CUNA has asked Congress to ensure that:


    • Merchants are subject to the same data security standards that credit unions follow;


    • Merchants are required to reimburse credit unions for the cost they incur as a result of merchant data breaches; and


    • Credit unions are permitted to identify the merchant where a data breach occurs when it is known and would not adversely affect an investigation.

    The League can provide your credit union talking points on data security, a letter to the editor and sample editorial prepared by CUNA that your credit union can use locally to raise awareness about your costs tied to the Target data breach, its impact on members and your role in protecting member data. Contact League Director of Communications Christine Henzig at (262) 408-6019 for assistance.

    The Electronic Payments Coalition shared an update to its members capturing much of the post-breach communications and steps being taken by affected players.


  • Push Congress to investigate and consider legislation that would place more responsibility on merchants. CUNA wrote to Congressional leaders on the breach and also briefed individual Senate and House offices. All members of Congress received a letter rebutting faulty assertions by merchants and a memo to Congress addressed merchants' misleading data security claims. Already, three Congressional hearings have been held, capturing coverage in the D.C.-based Roll Call publication. While Congress is concerned about the effects of data breaches on consumers, it is reluctant to engage in a battle between the financial services and retail sectors to resolve it. There also seems to be little understanding of the impact these breaches have on financial institutions, increasing the importance of credit union Activists' Hill visits as part of the CUNA Governmental Affairs Conference in Washington, D.C. later this month.


"Even before these high-profile data breaches, credit unions were being under-compensated for the administrative costs that go hand-in-hand with offering plastic cards, and that doesn’t even begin to consider the hassle and impact on consumers," said League President & CEO Brett Thompson.


He is referring to interchange fees paid to debit card issuers, affected recently by federal financial reforms. The 2010 Durbin Amendment to the Dodd-Frank Act severely limited credit unions' ability to recover their actual costs as a result of a data breach. A battle over what fees should be allowed continues to play out in court.


"The massive cost to credit unions’ member-owners related to the Target breach—let alone the others that are still unfolding—provide a great example of how the federal cap on interchange does not factor in enough of the costs that card issuers face for providing their services," Thompson continued.

"Being able to share an accurate cost impact on Wisconsin credit unions of this single, massive breach will continue to provide a critical piece of the puzzle for our ongoing advocacy," he said.


©2005 Wisconsin Credit Union League. All rights reserved.
Site powered by iMIS.