Security breach compromises bank and credit cards across the US

Friday, March 6, 2009
Millions of bank and credit cards across the US were compromised in what is possibly one of the largest security breaches ever. For almost six months, hackers were using a 'sniffer' program to steal information from Heartland Payment Systems, a company that processes payments for over 250,000 businesses.

Many Dyer County residents received notices from their banks last month about compromised credit and debit cards.

The problem stems from a breach at Heartland Payment Systems, a company that processes payment card transactions for more than 250,000 businesses including many restaurants and retail stores.

Heartland became aware of the breach after Visa and Mastercard notified them of suspicious transactions linked to their accounts.

The company hired two breach forensics teams to investigate, and uncovered malicious software had been running on their payment-processing network from May 15 until Nov 13.

The software was designed to record data from the cards as the information was being sent to Heartland.

The types of information potentially compromised by the breach are card numbers, expiration dates, cv code, and in some cases, the name of the cardholder.

Robert Baldwin, Heartland's president and chief financial officer, stated that with the type and amount of data stolen, identity theft was not likely.

"In this case, the amount of information we know they did not get is long enough that, except in very circumscribed cases, identity theft is just not possible," said Baldwin.

Although the threat of identity theft is low in this case, the information could be used to create fake bankcards that could then be used to purchase items.

The cardholder has zero liability as long as fraudulent activity is reported in a timely manner (usually 120 days).

While some larger corporations and banks may choose to take a passive stance, canceling cards only if suspicious activity is reported, smaller local banks tend to be more proactive.

First Citizens National Bank has reissued over 8,000 new cards due to the incident, and Security Bank has reissued thousands more.

"Whenever there is a situation like this, our response is to alert the customer, shut the card down, and reissue the card," said FCNB Executive Vice President Judy Long. "Rest assured that First Citizens is making every effort to protect (customer) information from unauthorized access."

Both banks have safeguards to protect their customers from fraud, but suggest everyone help protect themselves by monitoring their bank and credit card statements, shredding old bills and receipts, and locking up checkbooks and records.

"When people think of vaults, they usually picture a vault of money like the one downstairs," said Security Bank President David Hayes. "Now we have vaults of cash, and vaults of information, and it's important to protect both."

At least one local bank is involved in a class-action lawsuit filed against Heartland in February to help offset the cost of their protective measures.

As a result of this breach, Heartland is taking steps to increase security against cyber criminals.

Near the end of January, Heartland formed an internal department dedicated to the development of end-to-end encryption.

"I believe the development and deployment of end-to-end encryption will provide us the ability to implement increasing levels of security protection as they become needed," said Robert Carr, the company's chairman and CEO. "Heartland has been working on the development of end-to-end encryption, but in light of our recent data breach and the impact cyber fraud has had on the public and processors nationwide, we are ramping up our efforts."

View 2 comments
Note: The nature of the Internet makes it impractical for our staff to review every comment. Please note that those who post comments on this website may do so using a screen name, which may or may not reflect a website user's actual name. Readers should be careful not to assign comments to real people who may have names similar to screen names. Refrain from obscenity in your comments, and to keep discussions civil, don't say anything in a way your grandmother would be ashamed to read.
  • My husband and I were victims of this scandal. Our bank notified us about 3 weeks ago that we had unusual charges on our card, gave no other explanation, but credited our account immediately, and issued a new card. We ended up getting some really unusual stuff in the mail they had purchased, while they were testing the card. Security Bank was on top of the matter immediately, and handled all the paperwork, they made it a breeze, and we are thoroughly getting a giggle out of the things we have received through the criminal's attempts to see if the card would be challenged if stolen.

    We thank you Security Bank, for your promptness and professionalism!

    Watch out for these scammers, check your bank statement and credit report often, your bank might not always catch it!

    -- Posted by dizzylizzy on Sat, Mar 7, 2009, at 3:43 AM
  • As we seem to be in the technology age, it seems as if a computer genius could trace the viruses. I`m no computer buff, but it needs to stop and the perp needs to be prosecuted.

    -- Posted by The Riverman on Sat, Mar 7, 2009, at 10:20 AM
Respond to this story

Posting a comment requires free registration: