After another data breach, Congress pressed to act

Credit unions are looking for Congress to take up legislation following news of a new data breach that exposed millions of shoppers’ data.

The National Association of Federal Credit Unions on Friday told House and Senate leaders that revelations about the data breach at arts and crafts chain Michaels, which affected about 2.6 million customer debit and credit cards, are a reminder to act.


“In light of this and the numerous other large scale data breaches occurring on the heels of major breaches at Target and Neiman Marcus over the holidays, it is clear that Congress must take action to protect consumers’ financial information,” trade group CEO Dan Berger wrote in a letter.  

The Target and Neiman Marcus breaches that potentially affected more than 100 million people rattled Washington and led to a wave of hearings and proposed legislation.

However, lawmakers have sparred over which measures to implement. As a result, none of the bills has made it to the House or Senate floor, and momentum has largely stalled.

The credit union group chief wrote that retailers are not subject to the same data security standards as financial institutions, even though the banks and credit unions are often on the hook for refunding fraudulent purchases.

“Credit unions suffer steep losses in re-establishing member safety after a data breach occurs,” Berger wrote. “Moreover, as many cases of identity theft have been attributed to data breaches, and as identity theft continues to rise, any entity that stores financial or personally identifiable information should be held to minimum standards for protecting such data.”

He said that retailers should be responsible for fraudulent charges caused by their mistakes and meet a set of data security standards. Berger also advocated for a national law requiring companies to notify consumers if their information is stolen.