NAFCU again urges national data security standard after recent breaches

There were several reports last week of data breaches: Fintech company Robinhood announced that almost 2,000 market accounts were compromised, Dickey’s Barbecue had information of more than 3 million cards stolen, and Barnes & Noble suffered a breach that exposed some personal information of customers. As a leader in calling for national data security standards, NAFCU sent a letter to Congress urging action to ensure consumers’ information is properly protected in light of these breaches.

The association was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation’s data security system, and consistently reiterates is principles for a data security standard – which includes holding negligent companies accountable and ensuring consumers are made aware of breaches in a timely manner – to lawmakers.

In the letter sent Friday, NAFCU Vice President of Legislative Affairs Brad Thaler called on Senate Majority Leader Mitch McConnell, and Minority Leader Chuck Schumer, D-N.Y., House Speaker Nancy Pelosi, D-Calif., and Minority Leader Kevin McCarthy, R-Calif., to keep data security a high priority.

“Unfortunately, retailers, and even fintechs such as Robinhood, are not held to the same data security expectations as depository institutions, which have faced rigorous cybersecurity exams for years under the Gramm-Leach-Bliley Act (GLBA),” Thaler wrote. “Even more troubling, the U.S. Securities and Exchange Commission (SEC) issued an advisory last month which warned against precisely the sort of authentication weaknesses that may have played a role in the reported Robinhood breach.


continue reading »