Security

Heartland Breach Affects 135 Banks and Credit Unions (So Far)

At least 135 banks and credit unions are reporting that their customer credit and debit cards were among those breached by intruders who hacked Heartland Payment Services last year. [Note that since this post was published, the number of financial institutions reportedly affected by the breach has risen to at least 220.] The Independent Community […]

Heartland_payment_systems

At least 135 banks and credit unions are reporting that their customer credit and debit cards were among those breached by intruders who hacked Heartland Payment Services last year. [Note that since this post was published, the number of financial institutions reportedly affected by the breach has risen to at least 220.]

The Independent Community Bankers of America association (ICBA) conducted a survey of its members to determine how many were notified by Heartland after the company disclosed on January 20th that hackers had breached its authentication system months earlier and obtained customer card account numbers and expiration dates, as well as an unspecified number of customer names.

Heartland acts as a middleman for authenticating and processing credit and debit card transactions between commercial entities -- such as restaurants and retail outlets -- and the financial institutions that issue the credit and debit cards to customers.

Heartland said it first learned of a possible breach in late October after Visa and MasterCard contacted it about suspicious transactions that appeared to indicate fraud. It took the company until mid-January, however, to find evidence of the breach on its system.

Heartland told the New York Times that the hackers had installed malicious software on its systemas early as May 2008. The company hasn't disclosed which of its customers were affected, but financial institutions that have since been contacted by Heartland stating they were affected by the breach have started to come forward.

According to the survey conducted by ICBA, 83 percent of its member financial institutions that responded to its survey said they had credit or debit cards compromised in the breach.

Bank Info Security has published a lst of 135 more than 220 financial institutions that say they've been affected and included, in some cases, the number of cards the institutions said were affected. Below are the institutions that reported the highest number of cards affected by the breach:

  1. Trustmark Bank, Jackson, MS (75,000)
  2. State Employee's Credit Union (SECU), Raleigh, NC (60,000)
  3. State Employee's Credit Union (SECU), Raleigh, NC (56,000)
  4. GECU, El Paso, TX (25,000)
  5. Bangor Savings Bank, Bangor, ME (18,000)
  6. Wright-Patt Credit Union, Dayton, OH (17,200)
  7. Canadian Tire Financial Services, Niagara, Ontario, Canada (15,000)
  8. Capitol Federal, Topeka, KS (14,000) See also: