Continuing Avalanche of Data Breaches: A Call to Action from NCUA in 2017 Follows the 2016 Warnings

Despite a heightened understanding and awareness of the importance of strong cyber security by everyone, the trend of data breach attacks continues to increase - impacting thousands of businesses and millions of individuals.  Last year, there was a 40% increase over 2015 in the number of businesses that were impacted by data breaches. Businesses of all sizes were hacked by criminals that used techniques such as ransomware and non-malware attacks to steal data.
 
No organization is safe from a data breach.  It’s no longer a question of “if”, but “when” a business will have its data compromised…per retired FBI special agent
  
Over the last five years, data breaches have recurrently made headline news as large businesses such as; Yahoo, Target, Home Depot, Dropbox, Ebay, JP Morgan Chase, Anthem and Living Social, were hit by hackers. Thousands of credit union cardholder members were impacted by these hacks.  Yahoo’s 2013 and 2014 hacks took 2-3 years to discover; allowing the criminals and black market even more time to devastate the victims’ identities. Most recently, restaurant chain Arby’s was hacked by malware that affected 1,000 restaurants and even more credit union members – very much like Wendy’s ’16 breach.
 
Although there are steps that organizations can take to help make themselves less vulnerable to a data breach, it is impossible for any organization to guarantee it won’t happen. 
 
Nearly two-thirds of Americans (64%) have personally been victims of data breaches. And 65% of US Consumers are terrified of experiencing an ID theft.
 
According to Pew Research Center’s most recent survey:

• 41% of Americans have encountered fraudulent charges on their credit cards.
• 35% have received notices that some type of sensitive information (like an account number) had been compromised.
• 16% say that someone has taken over their email accounts, and 13% say someone has taken over one of their social media accounts.
• 15% have received notices that their Social Security number had been compromised.
• 14% say that someone has attempted to take out loans or lines of credit in their name.
• 6% say that someone has impersonated them in order to file fraudulent tax returns.

 
To make matters worse, coinciding with the rise of data breach victims, there is now the new threat of Civil and Class-Action Lawsuits facing the businesses from these victims – driving new legal and settlement costs.
 
The aftermath of big company data breaches is almost always characterized by class-action lawsuits.  While not every litigation makes its way to the public eye, it is becoming more and more common for organizations of all sizes to face a civil or class-action lawsuit after a data breach.  The best way that credit unions and other organizations can protect themselves against litigation is to have a trusted Fully Managed Recovery System in place, such as Vero's IDProSelect.

The majority of Americans expect cyberattack on the nation’s banking and financial systems.
 
Many Americans lack confidence that various public and private institutions will be able to protect their personal information from bad elements.  While Americans often first turn to their financial institution after finding out that they’ve been a victim of a data breach, the majority of them also fear that a major cyberattack will occur on the nation’s banking and financial systems within the next five years.  Organizations that have implemented a Fully Managed Recovery System often have clients and members that have greater peace-of-mind.
 
Having programs in place for cyber security and data breach response is no longer just an option for credit unions.  For the second year in a row, the NCUA’s Supervisory Priorities have mandated that credit unions have a plan for 1) cyber security 2) member response and 3) fraud prevention.  Vero’s IDProSelect helps credit unions address these areas of NCUA's 2017 Supervisory Priorities. 
 
For more information on how your organization can protect itself from the ramifications of a data breach or to receive more information on Vero’s  IDProSelect, please contact Jim McCabe at jmccabe@veroproducts.com or call (480) 748-0403.