The cost of the Target data breach has surpassed $200 million, according to data collected by CUNA and the Consumer Bankers Association.
In a joint release from the two trade associations, the CBA said last week the approximate cost of card replacements for its members has hit $172 million, up from the initial $153 million estimate.
CUNA said the financial impact of the breach on credit unions has reached $30.6 million, marking an increase from the trade group's original $25 million estimate.
“So far, cards replaced by CBA members and credit unions account for more than half of all affected cards,” said the Feb. 18 release.
Among members of both organizations, 21.8 million of 40 million compromised cards have been replaced, which represents 54.5% of the cards Target said had been compromised in the breach.
“Credit unions have replaced or will replace 85% of their cards affected by the Target breach at no cost to their members,” said CUNA President/CEO Bill Cheney. “The combined $200 million cost borne entirely by banks and credit unions shows the extent to which financial institutions will go to protect their customers and members.”
The trade organizations noted that the combined $200 million cost does not account for costs to financial institutions other than credit unions or CBA members. The total also does not include any past, present or future fraudulent activity, which would raise the cost of the Target data breach.
“Financial institutions of all sizes have been aggressive in ensuring their customers are protected in response to the Target data breach,” said CBA President/CEO Richard Hunt. “CBA's members have proactively replaced cards, increased fraud monitoring efforts and have expanded call center hours.”
Meanwhile, CUNA and NAFCU both declined to participate in a new partnership between banks and retailers because the other groups would not stress that retailers must do their part to protect consumer data.
The Feb. 13 announcement of the as yet unnamed effort included some of the largest retail and banking associations, including the National Retail Federation, the Financial Services Roundtable, the American Bankers Association and the National Association of Convenience Stores. The groups said in the release they aimed to help retailers and financial institutions cooperate to protect data security.
“We are committed to working together to ensure customer personal and financial information is secure and protected,” said Tim Pawlenty, CEO of the Financial Services Roundtable. “Exploring avenues for increased information sharing and collaborating on innovative technologies and safeguarding data will be critical in defending against common enemies.”
Although they had been invited to join in the partnership, CUNA and NAFCU declined. The two cited, in part, an unwillingness to change the subject from the retailer's responsibility for safeguarding consumers’ payment data.
“Though we support collaboration whenever possible, this unfortunately does nothing for consumers or small financial institutions like credit unions, who continue to pay for all these data breaches,” said NAFCU CEO Dan Berger. “We still believe national standards for retailers are necessary to protect consumers’ personal financial information, as well as a mechanism to reimburse small financial institutions for their losses.”
On background, a spokesman for CUNA explained the trade declined to join the partnership because it didn't want to shift the focus of its Government Affairs Conference. Thousands of credit union executives are expected in Washington this week to participate in the event, which includes appointments with legislators. The need for greater data protection by retailers is a talking point credit unions are preparing to deliver.
CUNA's members want to discuss this issue without any implication that some sort of understanding has been reached between credit unions with the retailers, because it has not, the spokesman explained. Credit unions still believe retailers should share in the costs of these data breaches and our members will talk to lawmakers about that, he added.