WASHINGTON — The Target Corp. data security breach and now the Neiman Marcus cyber attack have NAFCU asking NCUA to partner with the Federal Trade Commission and other regulators as new rules are made to ensure the safety of data security systems.
NAFCU President Dan Berger made the request today in a letter to the NCUA board.
"As lawmakers continue to monitor the situation and make legislative fixes as necessary, it is imperative that regulators work together to ensure the safety of our data security systems," said Berger in the letter. "The FTC is currently exploring a range of regulatory options to assist consumers, business, and financial institutions. NAFCU believes that the NCUA should ensure that credit unions are protected from any unnecessary regulatory burden and allow them to continue to provide quality services to their members."
Berger noted that credit unions are "already subject to stringent data security requirements" and that any additional regulatory action should be "directed towards merchants to ensure they take greater responsibility to protect against data breaches."
The letter follows both
The necessity of changes to data security is more evident than ever in light of Target Corporation's data security breach," wrote Berger. "Furthermore, last
Neiman Marcus Group Ltd. said Jan. 10 that some unauthorized purchases may have been made with customer cards. Credit-card processors alerted Neiman Marcus to the breach in mid-December and the Dallas-based luxury chain is working with federal authorities and investigating the matter. Early reports indicate fewer than 1 million cards were compromised.
Target, which disclosed on Dec. 19 that credit and debit card data of 40 million accounts was taken, said that names as well as
Berger added that data security breaches are a serious problem for both consumers and businesses.
"Financial institutions, including credit unions, bear a heavy burden and incur steep losses reestablishing member safety after a data breach occurs. The number and scope of data breaches are significant, and the damage realized may surprise those who have not been intimately involved."
NCUA spokesperson John Fairbanks noted that CUs of all sizes are challenged by greater potential exposure to cyber attacks as they adopt new technologies to meet members’ needs. He said NCUA will be working with an interagency group on cyber security throughout the financial industry.
“As noted in the recent Letter to Credit Unions, the agency is taking steps to further strengthen the examination and supervision program in this area and to further strengthen our internal security programs in many areas, including data security,” said Fairbanks. “Credit unions will be expected to implement appropriate internal controls to better prevent, detect, and recover from cyber attacks.”
