WASHINGTON—CUNA estimates that current CU costs associated with the Target Corp. data breach to be $30.6 million.
The update follows the trade association's initial estimate of $25 to $30 million. CUNA data received from credit unions also shows that 4.6 million credit and debit cards have been reissued.
While CUNA said the projected costs are predominantly for card reissuance and other administrative expenses resulting from the breach, it expects fraud losses-of which more are coming-to significantly add to the total.
"Although Target is ultimately responsible for this data breach, credit unions must solely cover these costs of their card program administration," said CUNA President Bill Cheney, who emphasized the costs, due to CUs' cooperative structure, ultimately fall on CU members. "It's time for retailers like Target to step up and accept their fair share of the costs associated with these types of data breaches."
CUNA's data comes from a survey of credit unions which began on Jan. 3. Over 1,112 CUs have responded. The survey shows that, on average, the Target breach has cost credit unions about $5.68 per card affected by the security lapse. Other expenses have come from administrative costs. Around 37% of credit unions reported having increased staffing, and additional overtime shifts as a result of the data breach.
Smaller credit unions typically must pay more to replace cards, added Cheney. "Unlike trillion-dollar banks, with their economies of scale, smaller credit unions face a more expensive proposition in replacing their cards — but they must cover those costs alone."
NAFCU recently pegged current
