NAFCU: Data breaches have reached tipping point

Joins six other trades to advance data security legislation

WASHINGTON, DC (May 23, 2016) — National Association of Federal Credit Unions (NAFCU) Executive Vice President of Government Affairs and General Counsel Carrie Hunt today issued the following statement regarding the dire state of data breaches in our nation.

“Data breaches have reached a tipping point,” said Hunt. “The Identity Theft Resource Center reports that hacking incidents reached a nine-year record in 2015, with the business sector, including retailers, accounting for 39.9 percent of breaches, the single largest category. Consumers and financial institutions, including credit unions, continue to pick up the tab for retailers and other businesses’ lack of national data security standards. It is critical that Congress act to protect consumers and our economy.”

In the ITRC’s latest data, for May 2016, the statistics are even more grave. The business sector, including retailers, accounted for 48.4 percent of data breaches, again the leading category, and 19.9 percent of exposed records. The financial sector accounted for 2.5 percent of data breaches and zero percent of exposed records.

NAFCU was the first financial trade organization to call for national data security standards for retailers in the wake of the massive Target data breach in 2013, and it continues to push for legislative action on Capitol Hill.

Credit unions and other financial institutions already protect consumers’ personal data under the provisions of the 1999 Gramm-Leach-Bliley Act (GLBA). There is no comprehensive regulatory structure similar to GLBA for other entities, such as retailers, that handle sensitive personal and financial data.

Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., introduced the bipartisan bill S. 961, the “Data Security Act of 2015,” and Rep. Randy Neugebauer, R-Texas, and Rep. John Carney, D-Del., introduced the companion House bill, H.R. 2205. This legislation would set a national data security standard for retailers akin to GLBA while acknowledging financial institutions’ existing adherence to GLBA standards.

This week, NAFCU joined six other financial trade groups to promote the “Stop the Data Breaches” campaign, which promotes NAFCU-backed H.R. 2205/S. 961, the “Data Security Act of 2015.”

A new website details how the legislation would hold retailers to the same strong data security standards that credit unions already follow under the Gramm-Leach-Bliley Act. The measure would also institute notification requirements in the event of breaches such as the massive attacks on Target and Home Depot.

A survey of NAFCU members last year showed that the estimated costs associated with merchant data breaches in 2014 were $226,000 on average. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work to strengthen existing cyber mechanisms.


The National Association of Federally-Insured Credit Unions is the only national trade association focusing exclusively on federal issues affecting the nation’s federally-insured credit unions. NAFCU membership is direct and provides credit unions with the best in federal advocacy, education and compliance assistance. For more information on NAFCU, go to or @NAFCU on Twitter.


Molly Safreed, (NAFCU)
