How To Deal With A Breach

Data and Privacy Breaches are Very Important

Not all organizations that handle private consumer data are subject to data protection laws and standards. This means that many of them fail to invest sufficiently in data privacy and security measures. As a result, it can be easier for hackers to gain access to personal information, which may include credit and debit card numbers, debit personal identification numbers (pin), social security numbers, driver’s license numbers, or other sensitive data. Hackers can then sell this information to bad actors or use it themselves to buy things, open new accounts with the stolen data, or other fraudulent actions.

For the past several years, data breaches have been increasing.

Skyrocketing Number of US Data Breaches

Number of Breaches up 350% in Past Decade – up 44% over 2016.
178,955,069 Records Breached in 2017 alone!

Source: Identity Theft Resource Center

Fraudsters Gravitate to Those with Weakest Controls

Percent of Total Breaches

Source: Identity Theft Resource Center

A number of data collectors have a bad track record and shift their mistakes to others

Although most consumers have probably only heard about a few breaches, over 1,200 data breaches occurred in 2018 exposing more than 197 million data records – a 126% increase over 2017. The number of records breached in 2018 is likely much higher since only half of the breaches reported included the number of records exposed.

Source: The Identity Theft Resource Center

When a data breach occurs, data collectors responsible for the breach are often not required to pay the costs associated with the breach. These costs include reissuing new cards to individuals, paying back the fraudulent charges resulting from a breach, or credit monitoring in the case of identity theft. Even when these bad actors are responsible for the breach, they are rarely required to pay ANY costs incurred by fraudulent activities. Who is stuck paying these costs for data breaches? Your Credit Union or Bank—and ultimately, consumers like you.

If data collectors can shift most of the costs of their data breaches to others, what incentive is there to increase their data security?

The answer is simple, none.

Credit Unions Have Been There to Protect Their Members and Customers

Consumers will be protected from fraudulent charges on their cards due to a breach, and the cost is generally picked up by the credit union, not by the data collector.

Financial institutions are sometimes limited in disclosing many of the circumstances of a data breach. Often, they are not able to disclose the organization responsible for the breach itself.

Financial institutions clean up the mess when data breaches occur by informing members and customers and reissuing new credit and debit cards if required. In addition, financial institutions pursue cyber criminals through available legal channels on behalf of their members, saving them time and legal expenses.

While the migration to chip cards has helped curb counterfeit card fraud, it’s still a problem. Data from compromised chip cards can be used to encode the magnetic stripe on counterfeit cards. Those cards can then be used for card present fraud at merchants. Instead of inserting the chip card in a chip-enabled point-of-sale (POS) terminal, the counterfeit cards are swiped at the POS terminal’s magnetic stripe reader. As expected, the migration to chip cards has also resulted in an increase in card-not-present fraud.

Ensuring the safety of members’ data is a top priority of your credit union.

Credit Union Members and Bank Customers Get Stuck With The Bill

After the Target breach for example, credit unions were left on the hook for $30.6 million, according to estimates by the Credit Union National Association (CUNA). Additionally, credit unions reissued roughly 4.6 million credit and debit cards in the aftermath.

Financial institutions not only cover the cost of fraud, but also costs of blocking transactions, reissuing cards, increasing staff at call centers and monitoring consumer accounts.

The data breach at Home Depot was larger than Target, costing credit unions an estimated $57.4 million dollars.

When a data breach occurs the data collectors often shift most of the costs and consumers are ultimately the ones who foot the bill.

Sometimes, financial institutions are reimbursed for data breaches, but when they are, the reimbursement covers only a portion of the total cost.

Have You Been Compromised In Data Breach?

Enter your email address to see if your information has been compromised in a data breach:

Helpful Solutions to Data Breaches


and consumer notification standards with effective enforcement provisions are needed to ensure sensitive data is protected.


need to be equally applied to all stakeholders.


and regulations in favor of strong federal data protection and notification standards.


members and customers about a breach, including where it occurred.


for all those involved in the payments system for protecting consumer data.  The costs of a data breach should ultimately be borne by the entity that incurs the breach.

Time To Take Action


  • Let Congress know it is time to take action and hold merchants accountable for data breaches. Stop the Data Breaches!
  • Tell Congress merchants should be required to reimburse credit unions for the costs they incur as a result of merchant breaches.
  • Let Congress know that credit unions should be able to tell their members the name of a merchant causing the data breach.
  • Click here to Take Action NOW