NAFCU: Lack of national security standards for retailers remain six months after Target data breach
WASHINGTON, DC (June 19, 2014) — National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger reiterated the need for national standards on data security and breach notification for retailers on the six month anniversary of the Target data breach, one of the largest breaches of consumer data in American history.
“It has been six months since Target’s data breach, and we still have no national data security standards for retailers,” said Berger. “For the sake of America’s economy and consumers, we must take steps to make sure consumer financial information is safe from cybercriminals. We urge Congress to hold retailers to the same strict standards of data security and breach notification that financial institutions must adhere to.”
Six months after the Target data breach, the statistics are staggering:
- Since Target’s data breach, there has been a major data breach discovered almost every month, with breaches reported at Michaels Stores, Sally Beauty Supply, Neiman Marcus, AOL, eBay, and P.F. Chang’s Chinese Bistro.
- Based on a recent Ponemon Institute survey, an estimated 47 percent of all American adults have been affected by data breaches over the last year, with an estimated 432 million online accounts being affected.
- The latest Javelin Strategy & Research study, “2014 Data Breach Fraud Impact Report: Consumers Shoot the Messenger and Financial Institutions Take the Bullet,” confirms that since financial institutions are the ones that often notify the cardholder of the breach, they are the ones that consumers associate with the breach, even if they were not responsible for it.
NAFCU was the first financial trade organization to call for national data security standards for retailers, and it continues to push for legislative action on Capitol Hill. Credit unions and banks are already subject to such standards under the Gramm-Leach-Bliley Act, but retailers are not.
Financial institutions continue to pick up the tab for data breaches. NAFCU estimates that the Target breach could end up costing the credit union community nearly $30 million. Unfortunately, credit unions will likely never recoup much of this cost, as there is no statutory requirement making retailers accountable for costs associated with breaches that result on their end.
The National Association of Federal Credit Unions is the only national organization that focuses exclusively on federal issues affecting credit unions, representing its members before the federal government and the public.