Credit unions still waiting for merchant data breach reimbursement over 13 months; NCUA reimburses for breach within one month

WASHINGTON, DC (January 15, 2015) – Today the NCUA approved payment of up to $50,000 for costs associated with a data breach at Palm Springs Federal Credit Union of Palm Springs, California. NCUA will pay the credit union for activities such as credit report monitoring for members, credit union staff time associated with the breach and legal fees.

“CUNA appreciates that NCUA is reimbursing Palm Springs Federal Credit Union for costs associated with the data breach and is taking strides to adopt additional safeguards to protect electronic data,” said CUNA President and CEO Jim Nussle. “It took NCUA a matter of weeks to offer reimbursement for their breach, yet credit unions are still waiting to be reimbursed for the Target breach over 13 months later.”

Credit unions have suffered at least $90 million in losses due to merchant data breaches at Target and Home Depot, and have yet to receive any payment to cover the costs that the data breach imposed on them. When merchants are responsible for a data breach, they are rarely required to pay any costs incurred by their customers, leaving credit unions and other financial institutions holding the bag.

CUNA has been actively advocating changes to federal law to address merchant data breaches in a variety of ways. In the opening days of the 114th Congress, CUNA sent a letter urging lawmakers to hold merchants accountable for data breaches by enacting legislation that should include three basic principles: all participants in the payments system should be responsible and be held to comparable levels of federal data security requirements; consumers should know where their information was breached; and, those responsible for a data breach should be responsible for the costs of helping consumers.

Following the Home Depot data breach, CUNA sent letters to six merchant trade groups on cybersecurity and payments. CUNA has also sent a letter to the president requesting that the administration establish a Cybersecurity Council; provided the quantitative analysis of the costs of data breaches on credit unions at Target and Home Depot; canvassed Capitol Hill to urge lawmakers to force merchants to meet strict data security standards; launched a website that allows consumers to take action and urge Congress to step in and hold merchants accountable for data violations; and called on merchant groups to work with financial institutions to implement solutions.

About CUNA:
With its network of affiliated state credit union leagues, Credit Union National Association (CUNA) serves America’s credit unions, which are owned by 100 million consumer members. Credit unions are not-for-profit cooperatives providing affordable financial services to people from all walks of life. For more information about CUNA, visit or follow @CUNA on Twitter. For more information about credit unions, visit and follow @asmarterchoice on Twitter. Visit the CUNA Press Room for a full listing of media mentions, press releases and resources to stay informed on current events within the credit union industry.

More News