Credit unions have lost upwards of $30 million dollars due to the Target data breach and the price tag will likely rise, says the Credit Union National Association. The figure comes from an ongoing survey of its members launched shortly after the retail giant announced that a hacker exploit compromised customer credit and debit cards.

The CUNA survey asked credit unions affected by the Target data breach to outline the costs they have incurred as a result. The breach resulted in the theft of 40 million debit and credit cards, and encrypted PIN data, and the names, mail and email addresses, and phone numbers of up to 70 million individuals.

The survey shows that, on average, the breach has cost credit unions about $5.10 per card issued by them. These costs, in most cases,do not include any fraud losses, which are likely to occur later, the trade association says. The cost/card figure is an average across all affected cards, not just cards that have been reissued. Credit unions responding to the survey report having almost 18 million debit cards outstanding, roughly a third of the estimated number of debit cards at all credit unions, and roughly 1.5 million credit cards.

"Contrary to what some may think, these expenses will not be reimbursed to credit unions and their members by Target or other retailers," CUNA President Bill Cheney said in a statement. "Credit unions must solely cover these costs of card program administration, including in these circumstances of reacting to a merchant data breach.”

Credit unions continue to work with their customers on post-breach responses, according to Kathy Thompson, CUNA's senior vice president for compliance. "This is a business decision for the credit union to decide whether--and if so, how--to communicate with members," she says. “There are no regulatory requirements about notifying members when a breach occurs in a merchant's information systems.”

Many credit unions are posting information about the breach on their websites, updating newsletters, and adding information to call center response line scripts about what they are doing and what members need to do to monitor their accounts. Some have already decided to re-issue cards on vulnerable accounts; others continue to monitor account activity for suspicious transactions.

Thompson says that, for several years, her association has been pushing for congressional action on legislation to require merchants to reimburse financial institutions for costs incurred when breaches occur in retailers' systems.  The cost data collected through the survey will be used to bolster that effort in 2014.

Topics