X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

WASHINGTON – Attorney’s General from 49 of the 50 states have written CardSystems Solutions, the card processing firm whose security lapse led to the compromise of 40 million debit and credit numbers and which is still costing credit unions money, an angry letter demanding answers. The officials wrote the June 28 letter under the auspices of the National Association of Attorney’s General (NAAG) and referenced the continued media reports about the security breach before they requested the number of total consumers impacted by the breach in each state, an explanation of how the breach occurred, the steps the company is taking to mitigate consumer injury and the plan the company has in place to keep data secure. The letter noted that the media reports indicated that the company had been in violation of Visa and MasterCard’s Payment Card Industry Data Security Standard, the body of regulation which is supposed to keep consumer’s card information safe. “This is unacceptable,” the attorneys wrote. “As you are no doubt aware, the breach that occurred at your company is only the latest in a disturbing series of cases where nonpublic personal information has been subject to unauthorized access,” they wrote. “In this era of increasing reliance on technology, it is vitally important that those companies entrusted with nonpublic personal information employ the highest levels of security.” The letter gave the company until July 25 to communicate the information that the attorneys-general have requested to NAAG. The letter did not say what would happen if the company failed to comply with the request. Meanwhile, media in various communities have continued to report the damage to credit unions that the data breach has caused. The $958 million Affinity Plus Credit Union, headquartered in St. Paul, Minnesota, had over 4,000 credit and debit card accounts compromised by the card breach and has chosen to reissue all the cards, even though only one of the card accounts, so far, has had any fraud on it. The credit union has sent letters to all its members impacted by the breach explaining what happened and has followed those letters with calls from a staff person asking whether the member wanted their old card closed immediately or at a later time. “We decided as an organization to reach out to every single member since our goal is to build relationships founded on trust with our members,” said Katie Wahlquist, a marketing manager with the credit union. Meanwhile in Norcross, Georgia, the $829 million Associated Credit Union will replace 3,000 debit and credit cards for its members whose numbers were compromised in the breach, and the $375 million National Institutes of Health CU, headquartered in Bethesda, Maryland, had 2,000 cards impacted in the security failure. The latest reported hit has been the $2.3 billion Pennsylvania State Employees Credit Union, headquartered in Harrisburg, Pennsylvania. That credit union has closed and reissued 7,300 of its cards which have been identified as most at risk, a report said. PSECU is already involved in a lawsuit it brought against B.J.’s wholesale club, one of the earliest of the round of security breaches that led it to have to close accounts and reissue cards. -

Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2019 ALM Media Properties, LLC. All Rights Reserved.