WASHINGTON—The Home Depot data breach has cost credit unions almost $60 million, according to new data released by CUNA. That brings to $90 million the estimated costs to CUs when the Target breach is also factored in.
CUNA said the September breach has led to costs for credit unions that have included card reissuance, time spent dealing with fraud, and other expenses. CUNA’s findings are based on a survey it made of its members from Oct. 1 through Oct. 24.
In September, The Home Depot announced that approximately 7.2-million credit union debit and credit cards had been affected by the breach. CUNA estimates the cost of the violation per card at $8.02, which included costs for reissuing new cards, fraud and all other costs – such as additional staffing, member notification, account monitoring and others.
The Home Depot survey follows a separate survey conducted by CUNA in January in the wake of a data breach at Target stores in December, 2013. That survey found that the Target breach cost credit unions nearly $30 million.
CUNA said its most recent CUNA found that – to date -- credit unions have not been reimbursed for the costs they incurred as a result of the Target breach.
“The cost to credit unions of data breaches – which seem to be occurring with increasing regularity – is rising, as the CUNA surveys clearly demonstrate,” said CUNA President/CEO Jim Nussle in a statement. “The bottom line is that credit union members end up paying the costs – despite the fact that the credit unions they own had nothing to do with causing the breach in the first place.”
Nussle reiterated CUNA’s call for legislation in Congress that would address the role of merchant data breaches, saying, “The law and the incentive structure today allow merchants to abdicate that responsibility, making consumers vulnerable. Congress has a role to play in addressing the issue of merchant data breaches by making sure all of the participants are playing by the same set of data security rules, and that merchants who hold consumer data and allow that data to be breached, are responsible for the costs incurred by others.
CUNA said its chief economist, Bill Hampel, who conducted the survey, said the results show that more than four-in-every five (80.1%) of credit unions affected by the breach have reissued or will reissue all affected cards. Nearly one in five (18.5%) will reissue or have selectively reissued cards in response to member requests or other factors. The remainder – 1.4% -- do not plan to reissue any cards, CUNA said.
“Card reissuance is an expensive proposition, representing about a quarter of the total costs to credit unions of these breaches,” Hampel said in a statement. “But our latest survey found that fraud is the most expensive component of costs, amounting to $4.89 for each card, or 60% of the total costs.”
CUNA said that credit unions responding to the survey (835 total) have issued a total of 20.1 million cards outstanding (14.9 million debit cards and 5.2 million credit cards). The total represents 28.2% of the 53.0 million debit cards issued by credit unions, 32.5% of the 16 million credit cards outstanding, and 29.2% of the total of 69 million cards outstanding.