ALEXANDRIA, Va.–In remarks offered at a meeting yesterday, NCUA Chairman Debbie Matz said data breaches at retailers have cost credit unions greatly, and as a result retailers and other third parties that are responsible for such breaches should cover those costs to financial institutions.
“Throughout this year, credit unions and their members have suffered from data breaches they did not cause. However, no matter how far removed a data breach may be from a credit union, that credit union may pay in terms of its balance sheet and its reputation,” Matz said in remarks to the Metropolitan Area Credit Union Management Association. “When breaches occur in third-party data systems, the responsible third parties should be held accountable. Financial institutions are required by law to protect sensitive information. Yet it is financial institutions, not retailers, who must shell out as much as $15 for every new card issued to affected cardholders. It is financial institutions, not retailers, who must monitor affected accounts and reassure consumers that those accounts are still safe. Retailers should be held to the same high data protection standards. It is time to end the double standard.”
As CUToday.info has reported here, Matz said cybersecurity will continue to be a supervisory priority for NCUA in 2015.
“Next year, NCUA will expect credit unions to implement controls to better detect cyber-attacks, to better protect themselves and their members and to better recover from those attacks,” she said.
Matz told the group that despite existing regulatory guidance, many institutions fail to take basic cybersecurity measures, such as encrypting sensitive data before transmission, applying access controls and conducting tests to determine resilience to attacks. That creates a major threat.
Matz’ comments were met with support by NAFCU, where CEO Dan Berger issued a statement saying, “We thank Chairman Matz for joining in NAFCU’s long-held conviction that retailers and merchants must be held accountable for data breaches, and we thank her for her leadership on the issue. We look forward to making progress toward legislation that would help protect credit union members from continuing data breaches by holding retailers to account through national data security standards.”
Related
NASCUS CU Cyber Security Symposium