NAFCU: lack of national data security and breach notification standards for retailers creates continued opportunities for cyber thieves
WASHINGTON (September 3, 2014) — National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger renewed the push for national standards on data security and breach notification for retailers following the news of the possible nationwide data breach at Home Depot. If this attack is confirmed at the 2,200 Home Depot stores in the United States, this data breach could prove to be on the same scale as the Target breach last year.
“These continued data breaches will have a chilling effect on our consumer confidence and our economy at large unless Congress holds retailers to the same strict standards of data security and breach notification that financial institutions must adhere to,” said Berger. “Congress must make passing a national data security standard for retailers a top priority when it returns next week.”
The figures on the impact of cybercrime are staggering:
- Cybercrime is costing the global economy $575 billion and the U.S. economy $100 billion annually, according to a report from Intel Security and the Center for Strategic and International Studies – making the U.S. the hardest hit of any country.
- Since Target’s data breach, there has been a major data breach discovered almost every month, with breaches reported at Michaels Stores, Sally Beauty Supply, Neiman Marcus, AOL, eBay, P.F. Chang’s Chinese Bistro, Supervalu and now possibly Home Depot.
- Based on a recent Ponemon Institute survey, an estimated 47 percent of all American adults have been affected by data breaches over the last year, with an estimated 432 million online accounts being affected.
- The latest Javelin Strategy & Research study, “2014 Data Breach Fraud Impact Report: Consumers Shoot the Messenger and Financial Institutions Take the Bullet,” confirms that since financial institutions are the ones that often notify the cardholder of the breach, they are the ones that consumers associate with the breach, even if they were not responsible for it.
NAFCU was the first financial trade organization to call for national data security standards for retailers, and it continues to push for legislative action on Capitol Hill. Credit unions and banks are already subject to such standards under the Gramm-Leach-Bliley Act, but retailers are not.
Financial institutions continue to pick up the tab for data breaches. NAFCU estimates that last year’s Target breach could end up costing the credit union community nearly $30 million. Unfortunately, credit unions will likely never recoup much of this cost, as there is no statutory requirement holding retailers accountable for the costs of breaches that occur on their end.
The National Association of Federal Credit Unions is the only national trade association that exclusively represents the interests of federally chartered credit unions before the federal government and the public.