WASHINGTON — The data security breach at Home Depot stores in September cost credit unions $57.4 million to cover card reissuance, plus fraud and other expenses, according to a new survey released Thursday by CUNA.
The trade group conducted the survey between Oct. 1 and 24. It asked credit unions to report the effects of the Home Depot breach (first announced Sept. 18). The survey found 7.2 million CU debit and credit cards were affected, with the cost of violation per card $8.02.
CUNA noted it conducted a similar survey in the wake of a data breach at Target stores last December. While the Target breach cost credit unions nearly $30 million, the cost of the Home Depot breach currently is at $57.4 million — nearly twice as much. The Home Depot breach affected more CU debit and credit cards and the cost per affected card was considerably higher.
"The cost to credit unions of data breaches — which seem to be occurring with increasing regularity — is rising, as the CUNA surveys clearly demonstrate," said CUNA President and CEO Jim Nussle. "The bottom line is that credit union members end up paying the costs — despite the fact that the credit unions they own had nothing to do with causing the breach in the first place."
CUNA Chief Economist and Chief Policy Officer Bill Hampel, who conducted the survey, said the results show that more than four in every five (80.1%) of credit unions affected by the breach have reissued or will reissue all affected cards.
Nearly one in five (18.5%) will reissue or have selectively reissued cards in response to member requests or other factors. The remainder — 1.4% — do not plan to reissue any cards.