Atomic Blog

Should CUs Worry About Industry Breaches

How do breaches affect credit unions? Are they shielding their member base, caught staring at the headlines but not acting, planning for the worst or just hopeful they will get lucky?

The financial services industry is under attack.

More than 1,300 breaches exposed more than 163 million reported records in 2019 with the banking/credit/financial category representing only about 7% of the incidents but more than 60% of the total reported records, according to the San Diego, Calif. based Identity Theft Resource Center (which is still tallying the damage)

The worst data breaches affecting the ITRC's banking/credit/financial category, based on reported records confirmed by various media sources and/or notification lists from state governmental agencies, included:

1. Capital One - 100 million records

2. Centerstone Insurance and Financial Services DBA BenefitMall Texas - 111,589 records

3. Auto Approve - 93,759 records

4. Nassau Educators Federal Credit Union - 86,773 records

5. JD Bank - 39,827 records

There were a handful of other credit unions breached as well including: Dominion Energy Credit Union (2,662 records), Florida A&M University Credit Union (2.329 records), and Town & Country Federal Credit Union (2.030 records).

Some credit union executives seem to underestimate the potential breach damage to their institution and membership, so CU Times elicited help from folks on the frontlines of the credit union cybersecurity war.

"In general, we must remember that the measure of credit union success comes from our members. Our members expect their information will be correct, delivered when they need, and where they need it. They expect all this to be done securely," Gene Frederiksen, executive director and CEO at the National Credit Union Information Sharing & Analysis Organization, said.

The St. Petersburg, Fla. based payments CUSO PSCU's Chief Information Officer Dave Stafford and Chief Information Security Officer David Bryant, teamed to provide guidance and recommendations. They noted there are two angles to consider when determining how breaches impact credit unions:

1. As owners of technical applications and infrastructure, credit unions and their processing partners can suffer from direct cyberattacks like any other entity. Members may lose faith in the credit union to protect their data and will do business elsewhere.

2. The second angle lies in the downstream impact of common breaches to large merchants, healthcare providers and repositories of payment card industry or personally identifiable information.

"Reports of increased cybercrime continue to surface daily and it will take a coordinated, focused effort from credit unions, their processing partners and their members to continue to properly address and combat threat." Stafford and Bryant said.

Blog post currently doesn't have any comments.