Once the numbers were crunched it turns out that September’s Home Depot data security breach cost credit unions nearly $60 million, twice as much as the Target breach cost them earlier this year.
The Credit Union National Association (CUNA) commissioned the survey of their members, finding that 7.2 million credit and debt cards were affected. Credit unions along with banks reissued cards to consumers whose accounts were compromised.
They also picked up the tab for other costs associated with the fraud, which includes hiring additional staff to deal with credit card monitoring and notifying members about security issues. Overall the cost was around $8 per card. Re-issuing the card was the most expensive part at nearly $5 each.
The study showed that four out of five credit unions that were affected have or will be re-issuing credit cards, with nearly one in five selectively re-issuing cards when cardholders ask.
Credit Unions and banks may face another round of payouts due to a data breach at Staples reported by media outlets last month.
Calling on Congress for help
Credit Unions end up paying the cost of cleaning up after data breaches even though they were not directly involved. “The law and the incentive structure today allow merchants to abdicate that responsibility, making consumers vulnerable,” said CUNA President and CEO Jim Nussle.
CUNA is advocating for Congress to get involved in protecting consumers and merchants. “Congress has a role to play in addressing the issue of merchant data breaches by making sure all of the participants are playing by the same set of data security rules, and that merchants who hold consumer data and allow that data to be breached, are responsible for the costs incurred by others.”
The CUNA study was conducted from October 1 to 24 via an online questionnaire to member credit unions. CUNA services credit Unions in the U.S, which are non-profit cooperatives, offering consumers affordable financial services.