WASHINGTON—Following the massive data breach announced by Equifax, which exposed sensitive data on as many as 143-million Americans, NAFCU President and CEO Dan Berger has reiterated a call to House and Senate leaders for a national data security standard.
"Data breaches have become a constant concern of the American people. Major data breaches now occur with an unacceptable level of regularity," Berger wrote in a letter to Senate Majority Leader Mitch McConnell (R-KY) and Senate Minority Leader Chuck Schumer (D-NY), House Speaker Paul Ryan, (R-UT) and House Minority Leader Nancy Pelosi (D-Calif.
"A recent Gallup poll found that 69% of U.S. adults are frequently or occasionally concerned about having their credit card information stolen by hackers," he continued. "These staggering survey results speak for themselves and should demonstrate the need for greater national attention to this issue. The massive breach at Equifax, and the report that they had known about it for weeks without notifying consumers, is yet another demonstration of the need for a legislative solution."
Credit unions and other financial institutions, Berger noted, have been subject to federal standards on data security since the passage of the Gramm-Leach-Bliley Act (GLBA). These standards are not imposed on retailers and many other entities that handle sensitive personal financial data. "Americans’ sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain," he wrote.
Berger pointed out that the nation's not-for-profit, cooperative credit unions suffer steep losses making members whole following a merchant data breach, and their members ultimately pay those costs.
As CUToday.info reported, the Equifax breach, reportedly discovered July 29, made vulnerable up to 143 million consumers' Social Security numbers, birth dates and home addresses, plus some driver's license numbers. Hackers are said to have obtained 209,000 consumers' credit card numbers and credit dispute documents for as many as 182,000 others. The firm said there were no intrusions into core consumer or commercial credit reporting databases.