Press
Target breach has already cost credit unions up to $30 million
(January 22, 2014) — The Target stores data security breach has already cost all credit unions between $25 million to $30 million – and those substantial numbers are expected to rise in coming weeks as more of the cooperative financial institutions report their costs and as fraud losses are incurred down the road, according to preliminary results of a survey of credit unions by the Credit Union National Association (CUNA).
“Contrary to what some may think, these expenses will not be reimbursed to credit unions and their members by Target or other retailers,” said CUNA President and CEO Bill Cheney. “Rather, credit unions must solely cover these costs of their card program administration, including in these circumstances of reacting to a merchant data breach.”
“Ultimately, however, because of credit unions’ cooperative structure, the costs of such breaches are ultimately borne entirely by credit union members,” Cheney said. “Retailers such as Target are rarely held responsible for reimbursing financial institutions for the costs that the data breach has incurred on them and, in the case of credit unions, their members,”
The results of the CUNA survey show that, on average, the Target breach has cost credit unions about $5.10 per card affected by the security lapse. These costs most likely do not include any fraud losses, which are likely to occur later. Additionally, the cost/card figure is an average across all affected cards, not just cards that have been reissued.
The results come from a CUNA online survey posted Jan. 3 on the CUNA website (CUNA.org), and noted in various CUNA member publications. CUNA-member credit unions were asked to report the effects of the Target data breach, which was first announced on Dec. 19. As of Jan. 16, a total of 936 credit unions had responded.
Credit unions responding to the survey report having almost 18 million debit cards outstanding, and just less than 1.5 million credit cards outstanding. These totals represent roughly a third of the estimated number of debit cards outstanding at all credit unions, and somewhat more than that of estimated outstanding credit cards.
Credit unions are still gathering information about the costs of the breach, said CUNA Chief Economist Bill Hampel. Once credit unions have had sufficient time to respond to the survey, CUNA will provide a more complete report of the results.
The results so far indicate that the vast majority (77 percent) of credit unions whose members were affected by the Target breach have already reissued debit or credit cards to their members. About 21 percent said they will reissue or have selectively reissued cards in response to member requests or other factors. About 2 percent do not plan to reissue any cards.
In addition, more than one in three credit unions (35 percent) report having to increase staffing (additional overtime, shifts, etc.) as a result of the Target data breach. And about 38 percent of credit unions reported that their call volume from members increased 10 percent to 25 percent in the wake of the breach.
See the attached “Preliminary Results” sheet for additional information.