Banks and credit unions have spent more than $200 million replacing cards affected by the data breach at Target late last year, according to data from top trade groups.
The Consumer Bankers Association found that its member banks have spent $172 million responding to the hack. Credit unions have paid $30.6 million, according to the Credit Union National Association.
“Financial institutions of all sizes have been aggressive in ensuring their customers are protected in response to the Target data breach,” Richard Hunt, the head of the bankers’ group, said in a statement on Tuesday.
The estimated costs do not include fraudulent charges, for which consumers are refunded.
Information about 40 million shoppers’ debit or credit cards was potentially exposed in the hack during the holiday shopping season. Additionally, 70 million shoppers might have had sensitive personal information like their names, addresses or phone numbers stolen.
The hack, along with a similar data breach at Neiman Marcus and possible incidents at the craft store Michaels and elsewhere, have raised concerns about cybersecurity standards at top retailers and triggered a series of actions of Capitol Hill. Multiple committees in the House and Senate have held hearings on the issue.
Earlier this month, a top Target executive told lawmakers that the company was “deeply sorry” for the incident.
Some lawmakers have said that a new law could be necessary to protect shoppers’ data.
Almost all sides have expressed support for a national law requiring stores and government agencies to notify people if their data may have been compromised. Dozens of states have laws of their own on the books, but there is no single national standard.