NAFCU: Cybercriminals emboldened by continued lack of national data security and breach notification standards for retailers
WASHINGTON, DC (August 19, 2014) — National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger renewed the push for national standards on data security and breach notification for retailers following the news of the latest massive data breach at Supervalu Inc.
“Cybercriminals are emboldened by the continued lack of national data security standards and breach notification for retailers,” said Berger. “For our nation’s economy and consumers, we must take action to make sure consumer financial information is protected. We urge Congress to hold retailers to the same strict standards of data security and breach notification that financial institutions must adhere to.”
“This latest cyberattack showcases the continued vulnerability of our system. Chip-and-PIN technology alone is no panacea for these types of attacks.”
The statistics on the impact of cybercrime are staggering:
- Cybercrime is costing the global economy $575 billion and the U.S. economy $100 billion annually, according to a report from Intel Security and the Center for Strategic and International Studies – making the U.S. the hardest hit of any country.
- Since Target’s data breach, there has been a major data breach discovered almost every month, with breaches reported at Michaels Stores, Sally Beauty Supply, Neiman Marcus, AOL, eBay, P.F. Chang’s Chinese Bistro and now Supervalu.
- Based on a recent Ponemon Institute survey, an estimated 47 percent of all American adults have been affected by data breaches over the last year, with an estimated 432 million online accounts being affected.
- The latest Javelin Strategy & Research study, “2014 Data Breach Fraud Impact Report: Consumers Shoot the Messenger and Financial Institutions Take the Bullet,” confirms that since financial institutions are the ones that often notify the cardholder of the breach, they are the ones that consumers associate with the breach, even if they were not responsible for it.
NAFCU was the first financial trade organization to call for national data security standards for retailers, and it continues to push for legislative action on Capitol Hill. Credit unions and banks are already subject to such standards under the Gramm-Leach-Bliley Act, but retailers are not.
Financial institutions continue to pick up the tab for data breaches. NAFCU estimates that last year’s Target breach could end up costing the credit union community nearly $30 million. Unfortunately, credit unions will likely never recoup much of this cost, as there is no statutory requirement making retailers accountable for costs associated with breaches that result on their end.
The National Association of Federal Credit Unions is the only national trade association that exclusively represents the interests of federally chartered credit unions before the federal government and the public.