MADISON, Wis. (8/7/08)--The indictments of 11 people in the largest data breaches in history may be comforting news for consumers, but credit unions must stay on guard to protect their members' data, says CUNA Mutual Group.

"The efforts of law enforcement to bring the perpetrators of these data thefts to justice are commendable," said Jeff Post, president/CEO of CUNA Mutual Group, commenting on the Justice Department's announcement Tuesday that 11 people had been indicted on fraud charges related to thefts at nine retailers, including TJX Cos. and BJ's Wholesale Club.

"These breaches remain a crime of opportunity," Post added. "Data breaches such as TJX are enabled by retailers who continue to store personal account information against card association rules and with disregard for the safety of these very organizations' customers' credit card information.

"If merchants would simply follow the card association rules, this supply of plastic card data would not be available to steal," Post said.

Continued vigilance is needed, according to Chuck Cashman, director, credit union protection product management at CUNA Mutual.

"This is just the tip of the iceberg. For every arrest of this magnitude, there are multiple other professional and amateur thieves trying to exploit the system," Cashman said. "If anything, more vigilance is needed since high profile cases inspire copy-cat crimes and challenge the fraud community to further 'beat the system.'"

He noted that the total figure of losses for all these breaches isn't known "but obviously it is in the multi-millions."

The data breaches hurt credit unions, which were among those footing the bill for costs related to reissuing compromised cards, helping members fix problems, and monitoring fraudulent transactions. CUNA Mutual Group had sued BJ's Wholesale Club to recoup credit unions' claims for losses in that breach.
On June 12, the company learned the Massachusetts State Court in Boston granted BJ's and its bank, Fifth Third Bank, their motions for summary judgment in the lawsuit.

"Essentially, we lost the first round at the trial court level," said Phil Tschudy, media relations manager at CUNA Mutual. "We respectfully disagree with the Trial Court's decision and have since appealed this decision.

"CUNA Mutual will continue its efforts on behalf of the credit union system to hold merchants accountable and establish a right to fully recover for the losses caused by the failure of merchants and their acquirers to follow the rules prohibiting the storage and retention of credit and debit card data," Tschudy said.

CUNA Mutual views as a "positive development" an appellate court's recent overturning of a trial court decision in favor of Pennsylvania State Employees CU in a data breach case.

The company "will also continue to support various league efforts to adopt legislation in their states that would make it clear that merchants are responsible for losses resulting from their failure to follow the rules," Tschudy said.

TJX Cos., whose massive computer data breach affected an estimated 45 million to 94 million credit and debit card numbers, said banks and credit card agencies must work closely with retailers to protect customer privacy.

"The sheer number of retailers attacked by these cyber-criminals demonstrates the much broader challenges in protecting sensitive customer data from this increasing threat," said TJX spokeswoman Sherry Lang (Orlando Sentinel Aug. 6).

The international ring allegedly gained millions of dollars from ATMs using the stolen card numbers and laundered the funds in banks in Eastern Europe (News Now Aug. 6).