NW Cost of Responding to Target Data Breach Now $1.7 Million, Latest CUNA Figures Show
February 14, 2014
Feb. 14, 2014
Northwest credit unions have spent nearly $1.7 million responding to the massive theft of financial data from Target stores, according to the latest estimates from a nationwide survey by the Credit Union National Association.
The survey now puts the cost to credit unions across the country at about $30.6 million to date. That total reflects an increase in the average cost of reissuing credit and debit cards, as well as costs for additional staffing, member notification and account monitoring. It does not include fraud losses, which CUNA says are likely to occur later and could be substantial.
The theft of payment-card and personal information affected more than 110 million Target customers who shopped at the retailer’s U.S. locations during the holidays, making it one of the biggest thefts of its kind in U.S. history. In addition to “track data” from debit and credit cards, thieves also stole customer names, mailing addresses, phone numbers and email addresses.
In the Northwest, the heist has affected an estimated 298,000 credit and debit cards issued by credit unions, or about 8 percent of their total cards outstanding. Responding to the Target breach has cost credit unions an average of $5.68 per affected card, the CUNA survey says.
Credit unions were asked to report two things to CUNA: the cost of reissuing cards, and all other costs related to the Target breach. Through Friday, 1,112 credit unions had responded to the survey, including 31 in Washington and 17 in Oregon.
By combining specific survey responses with Call Report data from all 50 states, CUNA estimates that credit unions nationwide have 15 million credit cards (911,000 in the Northwest) and 51 million debit cards (2.8 million in the Northwest) outstanding. Of those, an estimated 638,000 credit cards (38,000 in the Northwest) and nearly 4.7 million debit cards (260,000 in the Northwest) have been affected by the Target breach.
The survey also shows:
- The average cost of reissuing a card is $3.23. The average of all other related costs is $2.45 per affected card. That puts the average total cost incurred by credit unions at $5.68 per affected card.
- 79 percent of credit unions will or have reissued all affected cards; 19 percent will or have selectively reissued cards in response to member requests; 2 percent do not plan to reissue any cards.
- 94 percent of credit unions were notified by their card processor or network that some members’ cards had been affected. Of that total, 41 percent were notified on Dec. 19, and nearly three out of four credit unions were notified by Dec. 21.
- 37 percent reported having to increase staffing in response to the breach.
- 39 percent said call volume increased by as much as 25 percent following the breach; 35 percent said call volume was either normal for this time of year or increased by less than 10 percent.
The survey is still available here, and there is no deadline for responding.
“We have not officially closed the survey, but unless we get a large number of additional responses, we will likely not rerun the analysis,” says CUNA Chief Economist Bill Hampel.”However, if after a few months we hear that credit unions have experienced significant fraud losses, we will conduct a follow-up survey to learn about those costs.”
Meanwhile, in related news this week:
- Preliminary results of a Northwest Credit Union Association survey put the average cost for responding to a November 2013 data breach at grocers operating under the URM Stores Inc. umbrella at nearly $62,500 per credit union.
Eleven credit unions had responded to the NWCUA’s survey through Feb. 14. Those credit unions reported fraud losses that averaged $44,700; costs related to reissuing affected cards averaged nearly $17,800 per credit union, the survey showed.
- Two more credit unions have filed a class-action complaint against Target, this time naming a third-party vendor–Fazio Mechanical Services of Pittsburgh, Pa. — as the point of entry for the breach that compromised consumers’ financial and personal information between Black Friday and mid-December .
Employees Credit Union of Dallas, Texas, and KC Police Credit Union of Kansas City, Mo., were joined by Texas-based American Bank of Commerce in filing suit this week in U.S. District Court in Dallas, saying they “have incurred (and will continue to incur) damages to their businesses and/or property in the form of…expenses to cancel and reissue compromised payment cards, absorption of fraudulent charges made on the compromised payment cards, business destruction, lost profits and/or lost business opportunities.”
Other suits against Target — including one by Alabama State Employees Credit Union and another by First Choice Federal Credit Union of New Castle, Pa. – will likely be consolidated into a single legal action before a federal judge, CNN Money reports.
Questions? Contact Gary Stein: 503.350.2216, firstname.lastname@example.org.