A credit card breach last fall affecting thousands of Inland Northwest grocery store customers cost local credit unions at least $687,000, a trade group reported.
The Northwest Credit Union Association asked 21 Eastern Washington credit unions how the URM breach impacted their bottom line, both in card fraud and the cost of replacing customers’ cards. Eleven responded.
The results of the survey:
• The total URM losses of $687,598 for the 11 credit unions, included $491,835 in fraudulent purchases, along with $195,763 for replacing debit or credit cards.
• A separate survey about the Target Corp. credit card breach found 31 Washington state credit unions reporting a loss of $1.9 million. The Target survey asked only for the replacement cost for about 190,000 credit or debit cards, said Lynn Heider, vice president with the Northwest Credit Union Association.
The association conducted the survey in January while the impact of the Target breach was still being determined, she said.
URM Stores is a Spokane-based grocery store cooperative that provides food distribution and financial data processing. In November it reported that a network breach led to exposure of personal card data for customers of 67 stores in Eastern Washington, Idaho, Montana and Oregon.
During the busy Thanksgiving week, URM officials asked its member stores to stop accepting credit card payments until the cause of the breach was identified and isolated.
As reports of card fraud poured in, Eastern Washington and Idaho financial institutions had to replace cards and cover the losses related to fraudulent purchases.
Among the stores affected were Yoke’s Fresh Market, Super 1 Foods, Harvest Foods and Stein’s Market.
Heider said it’s not clear why 10 area credit unions didn’t provide survey answers. “It’s possible some of them felt little impact and saw little reason to reply,” she said.
While no one has prepared a full financial impact from the URM breach, credit union and bank managers say the number of cardholders affected is in the thousands.
Though the survey found a larger dollar amount statewide for the Target breach, the URM losses are more severe for local banks and credit unions, said Debie Keesee, CEO of Spokane Media Federal Credit Union.
“The URM impact was much more concentrated in this area than Target,” Keesee said.
Cards compromised in the URM breach were used for purchases across the country as well as in India and other countries, credit union managers reported.
URM officials have not identified the cause of the breach and said it may have occurred either at the local store level or within the URM data hub.
Spokane’s Secret Service office is coordinating the criminal investigation of the URM breach. Office director Kevin Miller said he was not able to comment on its progress.
The URM breach is likely the largest single credit-fraud breach originating in Eastern Washington, area financial services managers said.
Heider said the NWCUA conducted the survey before taking delegates to Washington, D.C., to argue for stricter card security regulations for retail merchants.
Under present rules, banks and credit unions end up covering the bulk of the losses from fraudulent card use, despite following more stringent security guidelines than retailers, Heider said.
Keesee, who serves on the credit union association board and went on the trip, said the Washington visit led to requests for more information from Washington’s two senators and Rep. Cathy McMorris Rodgers.
Banks and credit unions carry insurance against fraud loss, but the terms and conditions vary. Some institutions, such as Sears Employees Federal Credit Union, will bear a higher cost because of restrictions and insurance deductions. Sears reported card fraud losses of $43,000 from the URM breach, and it will have to pay more than $30,000 of that amount, said CEO Mark Smith.