"While it is unlikely that CUANM will share in any monetary proceeds from a settlement, it is extremely important we speak up and make it absolutely clear that Equifax is a bad actor and has caused serious and long-term damage to both credit unions and their members. We will continue to speak out about this situation and attempt to focus light on a problem that demands serious attention," he added.

Stull isn't the first league president to criticize Equifax for its data breach. 

New York Credit Union Association president and CEO William J. Mellin said in a scathing public statement on September 19 that the breach highlights the need for tougher state-level cybersecurity standards if Congress does not create federal data-protection standards. 

"The Equifax data breach and their bungled response yet again underscore the need for a robust cybersecurity framework at the federal level. The bottom line is, what we're doing now from a cybersecurity standpoint is just not working," he stated. 

"Far too often we are seeing the same reaction from organizations that have failed to adequately protect consumers' data: a press release that's light on details released long after the breach was discovered; a year of free credit monitoring; and an apology and a commitment to do better. That's no longer enough," Mellin added. 

The Equifax breach, announced September 7, was first thought to affect 143 million U.S. consumers. Compromised information primarily includes names, Social Security numbers, birth dates, addresses and in some cases driver's license numbers. The breach also jeopardized credit card numbers for about 209,000 people, as well as dispute documents for about 182,000 consumers. A subsequent forensic investigation announced on October 2 found that an additional 2.5 million U.S. consumers were affected, bringing to the total to 145.5 million people.

At least four credit unions are suing Equifax for damages related to the credit-reporting agency's recent data breach, court records show.

Colorado Springs, Colorado-based Aventa Credit Union and New Castle, Pennsylvania-based First Choice Federal Credit Union, along with the New Orleans-based Bank of Louisiana, filed their class-action complaint against Equifax in U.S. District Court on September 22. Similar to a separate class-action suit filed by Summit Credit Union on September 11, the three financial institutions allege that Equifax failed to secure its website, ignored warnings from security experts and took too long to disclose the breach. 

Gulf Winds Federal Credit Union, which is headquartered in Pensacola, Florida, later filed a suit of its own on October 3. That credit union has $659 million in assets and about 60,000 members.

Madison, Wisconsin-based Summit Credit Union has $2.8 billion in assets and about 167,000 members. Aventa Credit Union has $175 million in assets and about 23,700 members. First Choice FCU has $44 million in assets and 6,700 members. The financial institutions claimed they will incur financial losses related to card reissue, fraud and fraud prevention.