WASHINGTON (1/23/14)--National media attention is being generated by the Credit Union National Association release of estimated credit union costs created by the Target data breach, and it's getting CUNA recognized for being in the forefront of organizations providing info on costs.
Survey coverage in the Wall Street Journal's MoneyBeat blog noted CUNA was one of the first groups to "identify the hit to financial institutions from the breach." The survey also received coverage in Washington political paper The Hill, with CUNA President/CEO Bill Cheney being quoted in that story.
AP also did a piece on the survey, picked up by CNBC.com, which zeroed in on Cheney's comments that retailers such are Target Corp. are "rarely held responsible for reimbursing financial institutions for the costs that the data breach has incurred on them and, in the case of the credit unions, their members."
That article noted the CUNA estimate that Target breach has cost credit unions about $5.10 per card affected by the security lapse--and said that is just the beginning because the preliminary estimate doesn't include fraud losses that are expected to rise in coming weeks.
The breach resulted in the theft of 40 million debit and credit cards, and encrypted PIN data, and the names, mail and email addresses, and phone numbers of up to 70 million individuals.
The CUNA survey drew results from 936 credit unions.
According to CUNA's survey results, credit unions have incurred costs in the range of $25 million to $30 million as a result of the breach. The Target breach has cost credit unions about $5.10 per card affected by the security lapse, on average. These costs most likely do not include any fraud losses, which are likely to occur later.
These estimated costs could be exceeded if greater fraud losses are incurred or those that have reported already add additional costs to their reported totals.
Cheney has noted that these expenses will not be reimbursed to credit unions and their members by Target or other retailers. "Rather, credit unions must solely cover these costs of card program administration, including in these circumstances of reacting to a merchant data breach. And, because of credit unions' cooperative structure, the costs of such breaches are ultimately borne entirely by credit union members," he said.