Target’s data security breach has already cost all credit unions between $25 million to $30 million. Those numbers are expected to climb in coming weeks as more of the cooperative financial institutions report their costs and as fraud losses are incurred down the road, according to preliminary results of a survey of credit unions by the Credit Union National Association (CUNA).
The results of the CUNA survey show that, on average, the Target breach has cost credit unions about $5.10 per card affected by the security lapse. These costs most likely do not include any fraud losses, which are likely to occur later. Additionally, the cost/card figure is an average across all affected cards, not just cards that have been reissued.
The results come from a CUNA online survey posted Jan. 3 on the CUNA website (CUNA.org), and noted in various CUNA member publications. CUNA-member credit unions were asked to report the effects of the Target data breach, which was first announced on Dec. 19. As of Jan. 16, a total of 936 credit unions had responded.
Credit unions responding to the survey report having almost 18 million debit cards outstanding, and just less than 1.5 million credit cards outstanding. These totals represent roughly a third of the estimated number of debit cards outstanding at all credit unions, and somewhat more than that of estimated outstanding credit cards.
Credit unions are still gathering information about the costs of the breach. Once credit unions have had sufficient time to respond to the survey, CUNA will provide a more complete report of the results. The results so far indicate that the majority (77%) of credit unions whose members were affected by the Target breach have already reissued debit or credit cards to their members. About 21% said they will reissue or have selectively reissued cards in response to member requests or other factors. About 2% do not plan to reissue any cards.
In addition, more than one in three credit unions (35%) report having to increase staffing (additional overtime, shifts, etc.) as a result of the Target data breach. And about 38% of credit unions reported that their call volume from members increased 10% to 25% in the wake of the breach.
"Contrary to what some may think, these expenses will not be reimbursed to credit unions and their members by Target or other retailers," said CUNA president and CEO Bill Cheney. "Rather, credit unions must solely cover these costs of their card program administration, including in these circumstances of reacting to a merchant data breach."