cybersecurity war Source: Shutterstock.

How do breaches affect credit unions? Are they shielding their member base, caught staring at the headlines but not acting, planning for the worst or just hopeful they will get lucky?

The financial services industry is under attack.

More than 1,300 breaches exposed more than 163 million reported records in 2019 with the banking/credit/financial category representing only about 7% of the incidents but more than 60% of the total reported records, according to the San Diego, Calif.-based Identity Theft Resource Center (which was still tallying the damage at press time).

The worst data breaches affecting the ITRC's banking/credit/financial category, based on reported records confirmed by various media sources and/or notification lists from state governmental agencies, included:

  1. Capital One —100 million records.
  2. Centerstone Insurance and Financial Services d/b/a BenefitMall Texas — 111,589 records.
  3. Auto Approve — 93,759 records.
  4. Nassau Educators Federal Credit Union — 86,773 records.
  5. JD Bank — 39,827 records.

There were handful of other credit unions breached as well including: Dominion Energy Credit Union (2,662 records), Florida A&M University Federal Credit Union (2,329 records), and Town & Country Federal Credit Union (2,030 records).

Some credit union executives seem to underestimate the potential breach damage to their institution and membership, so CU Times elicited help from folks on the frontlines of the credit union cybersecurity war.

"In general, we must remember that the measure of credit union success comes from our members. Our members expect their information will be correct, delivered when they need it, and where they need it. They expect all this to done securely," Gene Frederiksen, executive director and CEO at the National Credit Union Information Sharing & Analysis Organization, said.

The St. Petersburg, Fla.-based payments CUSO PSCU's Chief Information Officer Dave Stafford and Chief Information Security Officer David Bryant, teamed to provide guidance and recommendations. They noted there are two angles to consider when determining how breaches impact credit unions:

  1. As owners of technical applications and infrastructure, credit unions and their processing partners can suffer from direct cyberattacks like any other entity. Members may lose faith in the credit union to protect their data and will do business elsewhere.
  2. The second angle lies in the downstream impact of common breaches to large merchants, healthcare providers and repositories of payment card industry or personally identifiable information.

"Reports of increased cybercrime continue to surface daily and it will take a coordinated, focused effort from credit unions, their processing partners and their members to continue to properly address and combat the threat." Stafford and Bryant said.

Read the full account of the impact of breaches on credit unions in the Jan. 22 issue of CU Times.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).