The Consumer Bankers Association, which represents the retail banking industry, revised the initial cost of the Target data breach to its members last Thursday, up from $153 million initially reported in January to $172 million.
The CBA said in January it had reissued over 15 million debit and credit cards to its members. The average cost to replace each card, according to the CBA, is $10—the cost includes the card itself, informing consumers of a card reissue, shipping and activation and additional communication requirements.
Last week, however, the CBA said its members had reissued over 17 million debit and credit cards to its members.
“When retailers say this data breach comes at no cost or liability to consumers they are right – because its banks and card issuers who are on the hook often at little or no cost to retailers like Target,” CBA CEO Richard Hunt said. “Retailers should recognize the costs of data breaches snowball with time and they should take responsibility when they are at fault.”
The CBA said the cost to replace the cards does not include any fraudulent activity that occurred or might occur in the future, adding that fraudulent activity would push the cost of the Target data breach even higher.
In response to the breach, the CBA and other financial services trade groups have called for the establishment of a national data security breach and notification standard, as well as making entities that experience data breaches to bear the costs of the breach.