Data security breaches are occurring with such frequency that they have become embedded in the public consciousness. But the epic lapse at Equifax, affecting more than 145 million consumers, proves more than any other the need for accountability for the people and organizations that handle and retain consumers' sensitive personal and financial data.
The past few years have brought an alarming jump in the number of data breaches. Remember Target? That breach – one of 614 reported in 2013 by the Identity Theft Resource Center – cost the nation's not-for-profit, member-owned credit unions an estimated $28 million for card replacement and making their members whole. Last year, the center reported 1,092 breaches. This year, the total had reached 1,202 by late November.
Credit unions are feeling the brunt of this trend.
That is why NAFCU is ramping up an industry push for a national data security standard to ensure everyone – financial institutions, merchants and data giants like Equifax – is doing their part to protect consumers' information from data thieves.
Those responding to a NAFCU survey this spring said they were alerted about a possible breach of their members' financial data 189 times – on average – in 2016. Merchant data breaches the same year cost each credit union an estimated $362,000 in direct and indirect costs, including expenses related to monitoring, reissuance, fraud investigation, or losses and insurance.
Most of us realize that in today's world, it is nearly impossible to keep your personal information personal. But it makes absolutely no sense to require some businesses to adopt minimum standards for data protection when other, larger organizations are given a pass until a hack occurs.
To change this, NAFCU will work with Washington lawmakers in the New Year to achieve comprehensive data and cybersecurity legislation that would:
- Hold all entities that handle personal financial data to the same federal standards credit unions and other depository institutions follow under the Gramm-Leach-Bliley Act;
- Require that all organizations subject to parts of GLBA – including Equifax – also be examined by a regulator for compliance; and
- Ensure that negligent companies be held financially liable for losses occurring due to breaches on their end.
It's imperative that everyone in the payments ecosystem take an active role in addressing emerging threats and protecting consumers' personal financial information. Credit unions, which serve more than 110 million member-owners, should not have to pay for the mistakes of third parties handling their members' data. We need Congress to act so those members, and all Americans, can transact business with the knowledge that everyone handling their data is doing so responsibly.
B. Dan Berger is president/CEO of NAFCU. He can be reached at 703-522-4770 or [email protected].