Outrage, lawsuits and justifiable anxiety exploded following disclosure of the damaging Equifax breach, which exposed sensitive information of some 145.5 million Americans. How should credit unions respond to the resulting threat?
The cybersecurity mess started when hackers took advantage of a flaw in the credit reporting agency software to steal social security numbers, birthdates, and other personal identifying information. This untethered information could come back to haunt credit unions and members in the form of account takeovers, fraudulent charges, and other criminal uses involving identity theft.
Security and industry experts offered their opinion about possible ramifications for credit unions from the Equifax breach.
"This creates a greater opportunity for attackers applying for credit using known good identity data," Perry Carpenter, chief evangelist and strategy officer at Tampa, Fla.-based KnowBe4, said. It also means the compromise of questions typically asked by online anti-fraud systems.
NAFCU President and CEO Dan Berger declared in a statement that it is credit unions and other financial institutions that help consumers after a merchant data breach. "It's going to be the financial institution that makes them whole, that pays off the charges or replaces money in the customer's checking account, or reissues the cards, and all those costs fall back on the financial institutions," he said. "These big card breaches are going to continue until there's a national standard that holds retailers and merchants accountable."
St. Petersburg, Fla.-based PSCU's chief information security officer Gene Fredriksen, and chief risk officer Jack Lynch at PSCU provided takeaways.
Fredriksen suggested credit unions look at the rising trend as a holistic issue. "If we continue to treat each breach as a separate case instead of looking at it as an epidemic, we will never make true headway."
Lynch said the breach certainly affects the already serious issue of account takeover and synthetic fraud. Lynch recommended organizations ensure all credit union staff has talking points to address member concerns.
Tyler Carbone, chief product officer at Baltimore-based Terbium Labs, said, "There continues to be a lot of data out there, and it's likely that Equifax will mean an increase in supply as it gets out." He added this kind of data has always been out there, and so the strategies many credit unions adopt to date are still the right ones, they're just more necessary than ever.
"Equifax, and Experian and TransUnion, those three credit reporting agencies have been collecting data on people for years that goes far beyond what financial companies typically have," Rebecca Herold, president of the Des Moines, Iowa-based SIMBUS and CEO of The Privacy Professor, pointed out. "Be aware of phishing attempts not only through e-mail but also through phone calls [vishing], text messages [SMiShing] and even instant messaging [SPIM]."
Ashley McAlpine, fraud prevention manager for Rancho Cucamonga, Calif.-based CO-OP Financial Services, explained in the Equifax aftermath CO-OP advised its credit unions to look at any place receiving new applications for cards, especially online applications. "We're going to probably see a lot of instances where fraudsters are trying to capture the data stolen from Equifax in combination from other breaches."
Read the full article in the Oct. 11 edition of CUTimes.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
