The ITRC 2017 Breach Report's break down of five industry sectors still reveals business is way in front at 55.9%, followed by medical/healthcare, 21.6%, educational, 11.9%, government, 5.4% and banking/credit/financial, 5.2%.

Of course, any incident, if it included payment information, could also touch credit union cardholders.

"Members are becoming somewhat immune to the reporting of new data breaches because they are becoming a part of everyday news," Ashley McAlpine, fraud prevention manager for the Rancho Cucamonga, Calif.-based CO-OP Financial Services observed. "Having a cardholder education program can be instrumental in keeping members' attention on new breaches or innovative techniques fraudsters are utilizing."

Rebecca Herold, president of the Des Moines, Iowa-based SIMBUS and CEO of The Privacy Professor, listed three risky ways credit unions' card breach risk increases:

• Credit unions need to switch to chipped cards from the magnetic strip cards if they are still using them.

• Many credit union clients, who are small to mid-sized businesses, use POS devices and systems to collect payments, with poor, and sometimes no, information security or privacy controls in place on their POS network, systems and devices.

• Too many businesses believe their POS vendors have all the security issues they need in places without checking to verify that they actually do. "This is a very bad, and risky, assumption!" Herold said.

"Credit unions will potentially be liable and/or subject to significant losses for these types of POS breaches when their cards are involved," she added.

Herold also pointed out malware sometimes gets loaded through third parties – employees who fall victim to phishing scams, or malicious insiders who see an opportunity to collect data to sell to others or to hurt their employer.