November 4, 2014 by

How Much Did the Home Depot Breach Cost the Credit Unions?

Recently, the Credit Union National Association (CUNA) has released the preliminary results of a survey of over 800 credit unions and their costs associated with the massive Home Depot data breach earlier this year.

CUNA has posted an online questionnaire on its portal, inviting member credit unions to contribute by submitting various data on the after-effects of the Home Depot data breach. Of the 835 credit unions that have responded, 68 we not notified of any compromised cards, while another 223 did not have complete information regarding the costs of the estimates of the data breach cost. This leaves us with 544 credit unions whose information was used to calculate the cost estimates.

The 544 unions have re-issued over 20 million payment cards (credit and debit combined), which equals to 29.2% of the total of 69 million payment cards issued by the unions. CUNA estimates there to be about 7.2 million compromised credit and debit cards combined across all of the credit unions. The report further states that 80.1% of the respondents will reissue (or have already) all of the affected cards, 18.5% will reissue selectively, while 1.4% do not plan to reissue. Almost all of the unions received unusually high amount of member calls asking about the Home Depot data breach. As a result of the breach, 36.6% of credit unions had to increase staffing (overtime, extra shifts…). The average costs associated per affected card, across all the unions, was $8.02.

Here is the breakdown of the costs per card:

  • $2.64 – Card re-issuance
  • $4.89 – Fraud
  • $0.50 – All other costs

The total amounts to about $57 million (7.2 million affected cards x $8.02).

There are many articles on this topic online, arguing that the credit unions should not be paying for breaches of retailers, such as the Home Depot, because all the costs are transferred on to the customer, eventually. This is a valid point, but even Home Depot covers them, they will need to get the money for it somewhere, likely by slightly increasing the prices. This way, it’s still the customer who foots the bill. Let us know what’s your view on this in the comments section below.

For those of you wishing to read all of the results, you can get the report here.


About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Expedia’s Orbitz: 880,000 Payment Cards Struck by Data Breach

Orbitz, a subsidiary of online travel giant Expedia has revealed a data breach wherein hackers may...

Read more arrow_forward

Cyberattacks ‘Could Lead to Inadvertent Missile Launches’, Says Think Tank

A number of nuclear weapons systems in the United States, Britain and other countries are at risk...

Read more arrow_forward

Data Breach: Florida Warns of 30,000 Medical Records Leak Due to Phishing

Florida’s health agency has warned of a data breach that may have exposed the data of up to 30,000...

Read more arrow_forward