Press

Judge keeps Target case alive; credit unions still awaiting reimbursements from store chain – 1 year later

(December 4, 2014) — Following a federal judge’s decision this week in which he declined to dismiss a lawsuit against Target stores over financial institution losses as a result of last year’s massive data breach, the Credit Union National Association (CUNA) is reminding all that – almost exactly one year since the breach – credit unions have not received a single dollar from the store chain in reimbursements for the violation.

“With the holiday spending season underway, the potential for another massive breach like last year’s Target violation is on the horizon,” said Jim Nussle, CUNA President and CEO. “Nothing is being done to quell these breaches on the retailers end, nor are retailers like Target reimbursing credit unions for the losses credit unions suffered due to insufficient merchant data security standards. One year later, credit unions still haven’t received anything in reimbursements from the store chain – and that really stings.”

According to results of a CUNA survey early this year, the violations at the Target stores cost credit unions more than $30 million, with credit unions replacing more than 4.6 million cards, Since then, there have been several other data breaches – including the huge breach in late summer at Home Depot, which cost credit unions more than $60 million, according to a second CUNA survey conducted in October.

The survey also found no credit unions had received reimbursements from Target.

Nussle noted that, while the judge’s decision this week is welcome, recovery for credit unions from litigation continues to be uncertain. “We’re heartened that the court understands the basic reality that merchants owe a duty of care to financial institutions,” Nussle said.

Under current standard, merchants are not required to pay the costs of sending individuals new credit and debit cards nor do they generally pay any of the fraudulent charges an individual may have on their cards or accounts as a result of the breach at their retail institution. In fact, when merchants are responsible for the breach, they are rarely required to pay any costs incurred by their customers, leaving credit unions and other financial institutions holding the bag.  The Identity Theft Resource Center estimates more than 500 data security breaches have occurred in 2014, exposing over 75 million data records.

“The ill effects of merchant data breaches touch Americans everywhere because merchants are not held to the same data security standards as financial institutions,” said Nussle. “Congress must act to protect consumers by taking steps to enhance data security standards for merchants in the 114th Congress. Without equal standards, retailers have zero incentives to protect the important financial information of the American people who shop in their stores.”

With no end in sight to retail data breaches, CUNA has created a brief 60 second video to provide a brief overview of retailer data breaches. You can see this video here: http://youtu.be/D8NCYXCsVNk. CUNA and CUNA Mutual also recently teamed up to compile a list of risk management practices (below and on www.stopthedatabreaches.com) for credit unions and credit union members.

Credit Union Members

  • Don’t respond to email, text or telephone calls asking for personal or financial information
  • Frequently review account activity and immediately report unauthorized transactions
  • Place an initial fraud alert with credit bureaus if fraud has occurred
  • Enroll and opt-in for transaction monitoring
  • Use card on/off switches (if available)
  • Enroll in Verified by VISA / MasterCard Secure Code

Credit Unions

  • Monitor card association alerts
  • Utilize name matching
  • Block and/or reissue cards
  • Monitor daily card fraud
  • Work with a fraud monitoring system vendor
  • Review or reduce daily dollar limits
  • Comply with applicable data security laws and regulations, including Part 748 of NCUA’s regulations
  • Refer to the FFIEC Information Technology Examination Handbook InfoBase

In addition to helping arm credit unions and their members with tips on how to minimize risk, CUNA has been actively advocating changes to federal law to address this issue in a variety of ways. Following the Home Depot data breach, CUNA sent letters to six merchant trade groups on cybersecurity and payments. CUNA has also sent a letter to the president requesting that the administration establish a Cybersecurity Council; provided the quantitative analysis of the costs of data breaches on credit unions at Target and Home Depot; canvassed Capitol Hill to urge lawmakers to force merchants to meet strict data security standards; launched a website www.stopthedatabreaches.com that allows consumers to take action and urge Congress to step in and hold merchants accountable for data violations; and called on merchant groups to work with financial institutions to implement solutions.

About CUNA:
With its network of affiliated state credit union leagues, Credit Union National Association (CUNA) serves America’s credit unions, which are owned by 100 million consumer members. Credit unions are not-for-profit cooperatives providing affordable financial services to people from all walks of life. For more information about CUNA, visit www.cuna.org or follow @CUNA on Twitter. For more information about credit unions, visit www.aSmarterChoice.org and follow @asmarterchoice on Twitter. Visit the CUNA Press Room for a full listing of media mentions, press releases and resources to stay informed on current events within the credit union industry.

More News