Credit unions confirm new processor credit card breach

The Pennsylvania Credit Union Association and the Tuscaloosa, Ala. VA Federal Credit Union warn of a new payment processor data security breach.

A payment processor is in the process of identifying the extent of damage caused by a malicious program discovered in its systems exposing credit and debit card numbers.

SearchFinancialSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

MasterCard and Visa are issuing information to banks and credit unions about credit and debit card accounts that were exposed in the data security breach of a second payment processor in less than two months.

The Pennsylvania Credit Union Association and the Tuscaloosa, Ala. VA Federal Credit Union posted messages on their websites explaining that a breach investigation is ongoing. Both Visa and MasterCard are declining to name the processor while a forensics team investigates the breach. Investigators are also trying to find a link between the latest breach and the recently announced Heartland Payment Systems breach, a credit union official said under condition of anonymity.

Heartland breach:
Three men arrested in connection with Heartland breach: Trio arrested in Florida after allegedly using stolen credit card numbers for purchases at local Wal-Marts, officials said.

Credit unions, banks replace credit cards after Heartland breach: Financial institutions notify customers and reissue or block payment cards affected by the intrusion at payment processor.

Visa began releasing information to banks and credit unions about affected accounts on Feb. 9. A vulnerability left potentially thousands of credit and debit card numbers exposed for a period between February 2008 through January 2009, according to an alert issued by the Tuscaloosa VA Federal Credit Union.

"We have not been notified that any of our cardholders have fraudulent activity due to this compromise," the message stated. "While it has been confirmed that malicious software was placed on the processor's platform, there is no forensic evidence that accounts were viewed or taken by the hackers."

Credit union officials said it appears the breach is not as serious as the Heartland breach. Heartland announced Jan. 20 that its systems were compromised by a hacker in 2008. The breach forced hundreds of banks and credit unions to replace thousands of credit and debit cards. In the latest breach, only account numbers and expiration dates were exposed and it's unclear whether the exposed data was even accessed by a hacker.

The Pennsylvania Credit Union Association is advising its member credit unions to wait for further information before reissuing credit and debit cards. A person within that organization said that it comes down to the risk each individual credit union is willing to accept. Customers would not be responsible for fraudulent use of their credit or debit cards.

Dig deeper on Debit and credit card fraud prevention

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close