News Stay informed about the latest enterprise technology news and product updates.

Credit unions, banks replace credit cards after Heartland breach

Financial institutions notify customers and reissue or block payment cards affected by the intrusion at payment processor.

Scores of credit unions and banks are notifying customers and issuing new credit cards in the wake of the Heartland Payment Systems Inc. breach.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The Princeton, N.J.-based payment processor announced Jan. 20 that its system was breached last year when intruders installed malware that snatched data crossing the company's network. Heartland hasn't disclosed the number of credit cards affected, but notifications from many financial institutions across the country indicate the potentially massive scale of the breach.

State Employees' Credit Union in North Carolina said more than 60,000 of its members were affected by the Heartland breach. To protect its members, the credit union reissued new credit card numbers and personal identification numbers for members that were possibly compromised.

Heartland data security breach:
First lawsuit filed in Heartland data security breach: A class action lawsuit was filed against Heartland claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems.

Payments processor discloses massive data breach Company says an intrusion of its processing system may be part of a broader fraud operation.

Data breach study ties fraud losses to Hannaford, TJX breaches: Experts say breach costs are far reaching and could lead banks and merchants to find alternative payment methods.

"We're taking the most costly but the most conservative approach," said Leigh Brady, senior vice president of education services at SECU.

Leanne Phelps, senior vice president of SECU's Card and Record Services department said in a statement released Sunday, "The breach at HPS has probably affected every financial institution in the country; while not all institutions will reissue cards and PINs, SECU feels it can best protect its members with this action."

Industry observers have said the Heartland breach could be larger than the TJX data security breach, in which 45.7 million credit and debit cards were stolen. Heartland serves more than 250,000 businesses and handles more than 4 billion transactions per year.

"Although the exact number of affected cards is not known, it is expected to be many millions," Chuck Cashman, plastic card insurance product executive at CUNA Mutual Group, a Madison, Wis.-based provider of financial services to credit unions, said in a prepared statement last week.

About 4,000 Washington State Employees Credit Union members were affected by the Heartland breach, said spokeswoman Ann Flannigan. The credit union is processing a complete reissue of affected debit and credit cards.

"We go to great lengths to protect our membership and it is standard for us to reissue cards automatically when we get notification of something like this. It's costly -- both in terms of dollars and personnel time -- but it's the right thing to do on our members' behalf and one of those things we think distinguishes WSECU from other institutions," Flannigan wrote in an email. "It's not acceptable for us to wait and see if something happens. We're proactive."

In a notice on its website, Notre Dame Federal Credit Union said it had blocked a few more than 2,000 cards that were reported as compromised in the Heartland breach.

"The decision to block the affected cards was made for the cardholder's protection, as well as for that of the credit union," the organization said. While the credit union said it hasn't discovered any fraud on its members' accounts, it added, "the threat of fraud is very real, and therefore, all exposed cards were blocked, and new cards have been issued for affected members."

The Association of Vermont Credit Unions said the Heartland breach affected 6,000 cards at credit unions on its ATM/debit card program, as well as thousands more at other Vermont credit unions.

The association said its processor, Fifth/Third Processing Solutions, informed it of the breach Jan. 9 as details were unfolding, prompting it to begin working with its credit unions, its processor and MasterCard to deactivate and reissue compromised cards.

Other financial institutions affected by the Heartland intrusion include:

  • TD Bank and TD Banknorth said some customers were affected. The organization is monitoring cards for suspicious activity but said it doesn't have plans to reissue credit or debit cards, citing the strength of its fraud detection software.
  • PeoplesChoice Credit Union in Maine said some members were affected and will receive new cards. Most of its members will be unaffected, the organization said.
  • Wright-Patt Credit Union in Ohio said it was reissuing credit and debit cards to members whose cards were affected by the breach.
  • Heartland said the breach did not affect merchant data, cardholder Social Security numbers, unencrypted personal identification, addresses or phone numbers.

    On Tuesday, a Pa.-based law firm filed a class-action lawsuit against Heartland, claiming the company issued belated and inaccurate statements when it announced its systems were hacked.

  • Dig Deeper on Debit and credit card fraud prevention

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.