How Much Did the Home Depot Breach Cost the Credit Unions?

Recently, the Credit Union National Association (CUNA) has released the preliminary results of a survey of over 800 credit unions and their costs associated with the massive Home Depot data breach earlier this year.

CUNA has posted an online questionnaire on its portal, inviting member credit unions to contribute by submitting various data on the after-effects of the Home Depot data breach. Of the 835 credit unions that have responded, 68 we not notified of any compromised cards, while another 223 did not have complete information regarding the costs of the estimates of the data breach cost. This leaves us with 544 credit unions whose information was used to calculate the cost estimates.

The 544 unions have re-issued over 20 million payment cards (credit and debit combined), which equals to 29.2% of the total of 69 million payment cards issued by the unions. CUNA estimates there to be about 7.2 million compromised credit and debit cards combined across all of the credit unions. The report further states that 80.1% of the respondents will reissue (or have already) all of the affected cards, 18.5% will reissue selectively, while 1.4% do not plan to reissue. Almost all of the unions received unusually high amount of member calls asking about the Home Depot data breach. As a result of the breach, 36.6% of credit unions had to increase staffing (overtime, extra shifts…). The average costs associated per affected card, across all the unions, was $8.02.

Here is the breakdown of the costs per card:

  • $2.64 – Card re-issuance
  • $4.89 – Fraud
  • $0.50 – All other costs

The total amounts to about $57 million (7.2 million affected cards x $8.02).

There are many articles on this topic online, arguing that the credit unions should not be paying for breaches of retailers, such as the Home Depot, because all the costs are transferred on to the customer, eventually. This is a valid point, but even Home Depot covers them, they will need to get the money for it somewhere, likely by slightly increasing the prices. This way, it’s still the customer who foots the bill. Let us know what’s your view on this in the comments section below.

For those of you wishing to read all of the results, you can get the report here.