On Wednesday, National Association of Federally-Insured Credit Unions (NAFCU) Board Treasurer and President and CEO of Mission Federal Credit Union, Debra Schwartz, testified during a hearing titled, "Data Security: Vulnerabilities and Opportunities for Improvement," held by the Subcommittee on Financial Institutions and Consumer Credit.
As data security standards remain a subject of considerable debate in the financial services sector, Schwartz detailed the impact of the recent data breaches on credit unions, and outlined key data security principles Congress can take to hold other entities to similar standards as financial institutions.
“Credit unions suffer steep losses in re-establishing member safety after a data breach occurs," Schwartz’s testimony states. "They are often forced to charge off fraud-related losses, many of which stem from a negligent entity’s failure to protect sensitive financial and personal information or the illegal maintenance of such information in their systems.”
Schwartz continued to explain, “Moreover, as many cases of identity theft have been attributed to data breaches, and as identity theft continues to rise, any entity that stores financial or personally identifiable information should be held to minimum federal standards for protecting such data."
According to the subcommittee’s memorandum, as the public is still recovering from the aftermath of Equifax’s breach, “congress must thoroughly examine data security vulnerabilities and the shortcomings of the existing federal and state regulatory regimes to identify any gaps in data security regulation and highlight opportunities for reform.”
In the November 2017 edition of DS News' sister publication, MReport magazine, the cover story “Threat Assessment” explores the top five ways companies are vulnerable to having their data hacked—brute force access, malware attack, phishing, privilege misuse, and physical theft. Additionally, reporting industry experts’ insights.
“When it comes to data breaches such as Equifax, the threat doesn’t go away with time,” said Dan Jones, VP of Technology & Sales Support at Churchill Mortgage. “Literally in 10 years, someone could buy that list again and try to take out a mortgage or even attempt a HELOC in someone else’s name.”
According to Todd Hougaard, a Software Product Manager at Mortgage Cadence, an Accenture Company, the mortgage industry must be wary of future fraudulent activities.
“It’s quite possible that we are entering a new period of criminal fraud activity in this industry,” said Hougaard. “If we are forced to assume that bad actors now have sensitive financial information for most consumers and that these criminals are experts at manufacturing fake online identities based on this new information, what additional protections are going to be required?”
MReport has been following the issue of data breaches, delving into detail on the matter—and what can be done to protect yourself—in the November 2017 edition, out now.