ARLINGTON, Va.—Data breaches have reached a “tipping point,” and the country faces a “dire” situation, says NAFCU.
The statement comes as two more data breaches have been announced.
“The Identity Theft Resource Center reports that hacking incidents reached a nine-year record in 2015, with the business sector, including retailers, accounting for 39.9% of breaches, the single largest category,” said NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt. “Data breaches have reached a tipping point. Consumers and financial institutions, including credit unions, continue to pick up the tab for retailers and other businesses’ lack of national data security standards. It is critical that Congress act to protect consumers and our economy.”
NAFCU noted that the latest ITRC data for May 2016 shows the situation is “even more grave. The business sector, including retailers, accounted for 48.4% of data breaches, again the leading category of data breaches and 19.9% of exposed records. The financial sector accounted for 2.5% and 0% of exposed records.”
NAFCU stated that it was the first financial trade organization to call for national data security standards for retailers in the wake of the massive Target data breach in 2013, and that it continues to push for legislative action on Capitol Hill.
Credit unions and other financial institutions already protect consumers’ personal data under the provisions of the 1999 Gramm-Leach-Bliley Act (GLBA). There is no comprehensive regulatory structure similar to GLBA for other entities, such as retailers, that handle sensitive personal and financial data, NAFCU said.
Sens. Tom Carper (D-DE) and Roy Blunt (R-MO) introduced the bipartisan bill S 961, the “Data Security Act of 2015,” and Rep. Randy Neugebauer (R-TX) and Rep. John Carney (D-DE) introduced the companion House bill, HR 2205.
“This legislation would set a national data security standard for retailers akin to GLBA while acknowledging financial institutions’ existing adherence to GLBA standards,” NAFCU said.
As CUToday.info reported, this week, NAFCU has joined with six other financial trade groups to promote the “Stop the Data Breaches” campaign, which promotes HR 2205/S 961.
A new website – www.StopTheDataBreaches.org – details how the legislation would hold retailers to the same strong data security standards that credit unions already follow under the Gramm-Leach-Bliley Act. The measure would also institute notification requirements in the event of breaches such as the massive attacks on Target and Home Depot.
A survey of NAFCU members last year showed that the estimated costs associated with merchant data breaches in 2014 were $226,000 on average. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work to strengthen existing cyber mechanisms.
In Nashville, O’Charley’s Inc. is reporting that its POS network has been hit by hackers, possibly affecting cards used between March 8 and April 18.
The company, which runs more than 200 restaurants in 17 states, said an unauthorized program was installed on point-of-sale systems that looked for data from payment cards used at its restaurants, Reuters reported.
The restaurant chain said the data compromised appears to be cardholder names and card numbers, but no other information was involved.
O’Charley’s has notified law enforcement officials and payment card networks about the breach, the news outlet stated.
Separately, Broomfield, Colo.-based Noodles & Co. said its systems have also been breached. Denver Community CU has been among the financial institutions alerting members/customers that replacement cards are being issued.
Numerous Noodles & Co. customers have reported unauthorized charges on their cards. How the breach took place and how long it lasted have not been released.
