Target breach to cost credit unions estimated $25M-$30M, CUNA study shows

Preliminary data from a Credit Union National Association (CUNA) survey show that credit unions have already incurred costs estimated to be in the range of $25 million to $30 million in costs as a result of the Target stores data security breach.

Locally, credit unions in Massachusetts have reported that more than 100,000 credit and debit cards have been affected at a cost of $530,000.  In New Hampshire, 54,000 cards have been affected to the tune of $144,862; and Rhode Island credit unions indicate that they have 23,000 cards impacted costing $60,495.

Massachusetts Credit Union League (each state) President/CEO Paul Gentile stated, “The expense to credit unions is unreasonable and unfair.  Credit unions and other issuers are working hard to provide a safe and secure payment system that offers consumers convenience while carefully safeguarding their identity and financial information.  The merchants must step up and take responsibility for their failure to protect the payment system and the information that their customers have entrusted to them.”

The results of the CUNA survey show that, on average, the Target breach has cost credit unions about $5.10 per card affected by the security lapse. These costs most likely do not include any fraud losses, which are likely to occur later. Additionally, the cost/card figure is an average across all affected cards, not just cards that have been reissued.

"Contrary to what some may think, these expenses will not be reimbursed to credit unions and their members by Target or other retailers," CUNA President Bill Cheney said. "Rather, credit unions must solely cover these costs of card program administration, including in these circumstances of reacting to a merchant data breach. And, because of credit unions' cooperative structure, the costs of such breaches are ultimately borne entirely by credit union members," he added.

"Credit unions responding to the survey report having almost 18 million debit cards outstanding and just less than 1.5 million credit cards outstanding. These totals represent roughly a third of the estimated number of debit cards outstanding at all credit unions, and somewhat more than that of estimated outstanding credit cards," CUNA Chief Economist Bill Hampel noted.

The CUNA survey asked credit unions affected by the Target data breach to outline the costs and burdens they have seen as a result. The breach resulted in the theft of 40 million debit and credit cards, and encrypted PIN data, and the names, mail and email addresses, and phone numbers of up to 70 million individuals.

The data will help inform CUNA conversations with lawmakers, regulators, the media, and others. There is no deadline for credit unions to respond to the survey, and credit unions that have not yet responded are encouraged to do so. Credit unions that have responded can also update their totals if new costs are incurred.