Update: CUNA Posts Online Survey to Gauge Financial Impact of Target Breach

CUNA posted an online survey today to collect information about the costs incurred by credit unions in response to the massive data breach at Target stores nationwide, and the Northwest Credit Union Association is urging its members to complete the brief questionnaire as soon as possible.

More than 40 million cards used in Target’s U.S. stores between Nov. 27 and Dec. 15 were affected by the breach; Target says customer names, card numbers, expiration dates and three-digit security codes all were compromised.

The survey, available here, asks credit unions that offer debit and/or credit cards to report not only the financial costs of closing accounts and reissuing cards, but also the impact of the breach on operations such as call centers. CUNA also wants to know how quickly credit unions were notified of the breach by their card processors or networks, and how specific those notifications were.

“The Association is working very closely with CUNA to determine the extent of the damages credit unions are experiencing due to this breach,” said Jennifer Wagner, the NWCUA’s vice president for legislative advocacy, who is monitoring the effects of the breach for the Association. “We will work vigorously to pursue legal options open to credit unions, and we will also work with state and federal legislators to improve our opportunities for statutory relief.”

CUNA says the data collected in the survey will be crucial to its advocacy efforts to minimize potential costs of the Target data breach and to protect credit unions from harm from future data breaches. Bill Cheney, CUNA’s president and CEO, said last week that the organization is already in contact with key congressional leaders “about our ongoing concerns about the responsibility of merchants to protect data and be accountable for the consequences of data breaches when they occur.”

Credit unions can complete the online survey anonymously, but CUNA is urging respondents to include their charter number so that the information can be incorporated into 5300 Call Reports.  In any case, only CUNA’s Marketing Research staff will have access to individual credit union responses.

In related news this week:

  • Alabama State Employees Credit Union filed a class-action lawsuit Monday related to costs associated with the Target data breach. The suit, filed in an Alabama federal court, seeks $5 million in damages for losses suffered by millions of financial institution members and customers whose personal financial information was compromised, as well as costs associated with closing accounts and reissuing new checks, debit cards and credit cards.
  • Despite earlier denials, Target has now indicated that PINs were in fact compromised in the data breach. The company says, however, that the PINs were encrypted at the keypad, remained encrypted within its system and were encrypted when they was stolen. CSCU, one of the industry’s largest providers of payment systems, said on its website Monday that cash fraud as part of the compromise is considered minimal at this point.
  • Most issuers are reporting that the majority of the fraud they have experienced is on credit cards and not on debit cards, CSCU said. Based on anecdotal reports, most major issuers are continuing to monitor their accounts and have not engaged in a mass reissue of their portfolio.
  • Target warned consumers to beware of phishing emails that look like they’re from Target and play on consumers’ fears that their financial information has been compromised. The company said it would post all official emails to its website so that customers will know the difference between valid emails and phishing scams. In the meantime, Target urged consumers not to open any links in emails purported to be from Target, because they could potentially allow additional access to personal information.  

Questions? Contact Gary Stein: 503.350.2216, gstein@nwcua.org. 

Posted in CUNA.