Banks, Customers Feel the Fallout of Heartland Breach

In a sign of the scope of the data breach disclosed Jan. 20 by Heartland Payment Systems Inc., banks and credit unions from Maine to Washington state have begun reissuing credit and debit cards to customers.

There were also reports last week of fraudulent transactions involving cards that were compromised in the breach at Heartland, a large payment-processing firm in Princeton, N.J.

For instance, CU Community Credit Union in Springfield, Mo., said 16 compromised cards that it had issued were used to make about $11,000 worth of fraudulent purchases. "I haven't spoken to one financial institution that hasn't been affected by the breach," said Jenny Reynolds, the credit union's vice president of marketing.

Heartland has said intruders broke into its systems sometime last year and planted malware that they used to steal the card data. The number of compromised cards still isn't known. But Heartland processes more than 100 million transactions per month.

The Washington Credit Union League, a trade group in Federal Way, Wash., said some of its members have reported that more than half of their issued cards were compromised. The breach led the WCUL to push state legislators to revive a bill mandating specific data-protection controls for all merchants and third parties that process card transactions.

This version of the story originally appeared in Computerworld's print edition.

Copyright © 2009 IDG Communications, Inc.

Shop Tech Products at Amazon