November 4, 2014 by

How Much Did the Home Depot Breach Cost the Credit Unions?

Recently, the Credit Union National Association (CUNA) has released the preliminary results of a survey of over 800 credit unions and their costs associated with the massive Home Depot data breach earlier this year.

CUNA has posted an online questionnaire on its portal, inviting member credit unions to contribute by submitting various data on the after-effects of the Home Depot data breach. Of the 835 credit unions that have responded, 68 we not notified of any compromised cards, while another 223 did not have complete information regarding the costs of the estimates of the data breach cost. This leaves us with 544 credit unions whose information was used to calculate the cost estimates.

The 544 unions have re-issued over 20 million payment cards (credit and debit combined), which equals to 29.2% of the total of 69 million payment cards issued by the unions. CUNA estimates there to be about 7.2 million compromised credit and debit cards combined across all of the credit unions. The report further states that 80.1% of the respondents will reissue (or have already) all of the affected cards, 18.5% will reissue selectively, while 1.4% do not plan to reissue. Almost all of the unions received unusually high amount of member calls asking about the Home Depot data breach. As a result of the breach, 36.6% of credit unions had to increase staffing (overtime, extra shifts…). The average costs associated per affected card, across all the unions, was $8.02.

Here is the breakdown of the costs per card:

  • $2.64 – Card re-issuance
  • $4.89 – Fraud
  • $0.50 – All other costs

The total amounts to about $57 million (7.2 million affected cards x $8.02).

There are many articles on this topic online, arguing that the credit unions should not be paying for breaches of retailers, such as the Home Depot, because all the costs are transferred on to the customer, eventually. This is a valid point, but even Home Depot covers them, they will need to get the money for it somewhere, likely by slightly increasing the prices. This way, it’s still the customer who foots the bill. Let us know what’s your view on this in the comments section below.

For those of you wishing to read all of the results, you can get the report here.


About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward

Sonic Drive-In Breach Could See Info of Millions of Credit, Debit Cards Stolen

Drive-in restaurant chain Sonic is the latest major company to be the target of a significant data...

Read more arrow_forward