The Target data breach could wind up costing credit unions and their members almost $30 million, according to NAFCU.
The trade organization’s February Economic & CU Monitor survey also found that among those surveyed, the average credit union cost for the Target data breach was $45,000.
In addition, 42% of respondents said their reputation had been harmed due to a merchant data breach. The survey found an average of 10,300 cards per credit union were compromised by merchant data breaches in 2013. The average amount spent by credit unions on data security measures was $158,600.
“The survey findings are staggering. Credit unions are being hit by a double whammy in terms of numbers of possible data breaches and costs while they continue to pick up the tab for retailers who are not subject to the same high level of data security standards,” said NAFCU Chief Economist and Director of Research David Carrier in a statement on Monday.
“It is ironic that despite the ample rules in place to ensure data protection standards at financial institutions like credit unions, merchants and retailers are not held accountable for data breaches. Cybercriminals will continue to capitalize on this double standard and wreak havoc with consumers and our economy,” he added.
In 2013, respondents reported paying an average of $152,000 for data breaches including fraud losses and investigations (46.7%), reissuing costs (34.4%) and monitoring costs (19%). NAFCU said reissuing cards takes an average of 7 days and costs credit unions $5 per card. The median reported cost in the survey for data security breaches in 2013 was $59,000.
To combat security threats, NAFCU said it supports S. 1927, the Data Security Act of 2014, introduced by Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.).
“This bill leaves intact the federal standards already imposed on financial institutions and seeks to extend the protection further, by setting national standards for all merchants and retailers to follow in protecting data, providing timely breach notification and paying their share of the clean-up when breaches occur,” said NAFCU.