Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/30/2014
12:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NEW: Home Depot breach cost credit unions nearly $60M

Target breach cost credit unions nearly $30 million.

WASHINGTON (10/30/14, UPDATED 11:00 a.m. ET)--The data security breach at Home Depot stores in September cost credit unions nearly $60 million to reissue cards, deal with fraud and cover other costs, according to the results of a new survey of credit unions, released today by the Credit Union National Association.

The Home Depot breach was reported on Sept. 18.

The CUNA survey, which asked credit unions to report the effects of the Home Depot breach, found that 7.2 million credit union debit and credit cards were affected. The survey shows that the cost per card reissued by credit unions was $8.02, which included costs for reissuing, as well as fraud and other costs such as additional staffing, member notification, account monitoring and others).

Conducted from Oct. 1 to Oct. 24, the CUNA survey is the second this year by the nation's largest trade group for credit unions to gauge the impact of data breaches on credit unions.

In January, CUNA conducted a similar survey in the wake of the massive information leak at Target stores in December. That survey found that the Target breach cost credit unions nearly $30 million. The Home Depot breach costs--at $57.4 million nearly twice as much as the Target breach--affected more credit union debit and credit cards and the cost per affected card was considerably higher than even in the Target breach.

Further, the most recent CUNA survey found that, to date, credit unions have not been reimbursed for the costs they incurred as a result of the Target breach. 

"The cost to credit unions of data breaches--which seem to be occurring with increasing regularity--is rising, as the CUNA surveys clearly demonstrate," said CUNA President/CEO Jim Nussle. "The bottom line is that credit union members end up paying the costs--despite the fact that the credit unions they own had nothing to do with causing the breach in the first place."

Nussle added that all participants in the payment process have a shared responsibility to protect consumer data. "However, the law and the incentive structure today allow merchants to abdicate that responsibility, making consumers vulnerable," Nussle said.

"Congress has a role to play in addressing the issue of merchant data breaches by making sure all of the participants are playing by the same set of data security rules, and that merchants who hold consumer data and allow that data to be breached, are responsible for the costs incurred by others.

"Congress must act to protect consumers by taking steps to enhance data security standards for merchants," the credit union leader said.

CUNA Chief Economist Bill Hampel, who conducted the survey, said the results show that more than four in every five (80.1%) of credit unions affected by the breach have reissued or will reissue all affected cards. Nearly one in five (18.5%) will reissue or have selectively reissued cards in response to member requests or other factors. The remainder (1.4%) do not plan to reissue any cards.

"Card reissuance is an expensive proposition, representing about a quarter of the total costs to credit unions of these breaches," Hampel, who is also CUNA chief policy officer, said. "But our latest survey found that fraud is the most expensive component of costs, amounting to $4.89 for each card, or 60% of the total costs."

Credit unions responding to the survey (835 total) have issued a total of 20.1 million cards outstanding, comprised of 14.9 million debit cards and 5.2 million credit cards. The total represents 28.2% of the 53 million debit cards issued by credit unions, 32.5% of the 16 million credit cards outstanding, and 29.2% of the total of 69 million cards outstanding.

Check back here today to see a "Preliminary Results" sheet for additional information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14994
PUBLISHED: 2019-09-19
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version...
CVE-2019-15000
PUBLISHED: 2019-09-19
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6....
CVE-2019-15001
PUBLISHED: 2019-09-19
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain rem...
CVE-2019-16398
PUBLISHED: 2019-09-19
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
CVE-2019-11779
PUBLISHED: 2019-09-19
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.