Heartland Data Breach: 27 New Institutions Linked Banks, Credit Unions Informing Customers of Potential Risks
If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification.

More than two dozen new institutions have come forward and informed their customers that their credit or debit cards were among those compromised in the Heartland Payment Systems (HPY) breach.

Heartland, the sixth-largest payments processor in the U.S., announced on Jan. 20 that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. Heartland Payment Systems data breach coverage

The latest institutions to announce their connection to the breach are:

Warren Federal Credit Union, Cheyenne, MT;

Idadiv Credit Union, Nampa, ID;

Gate City Bank, Fargo, ND;

Provident Bank, Baltimore, MD;

MidFirst Bank, Tulsa, OK;

HealthFirst Federal Credit Union, Waterville, ME;

Sovereign Bank, Northeast U.S.;

Trustmark Bank, Jackson, MS;

Platte Valley Bank, Scottsbluff, NE;

Monroe Bank & Trust, Monroe, MI;

Bank of Oklahoma, Tulsa, OK;

BancFirst, Oklahoma City, OK;

CU Community Credit Union, Springfield, MO;

First Bank Blue Earth, Blue Earth, MN;

Wells Federal Bank, Wells, MN;

St. Mary's Bank, Manchester, NH;

Triangle Credit Union, Nashua, NH;

Bellwether Community Credit Union, Manchester, NH;

State Employee's Credit Union (SECU), Raleigh, NC;
Innovations Federal Credit Union, Bay County, FL (400 cards);
Summit Federal Credit Union, Rochester, NY (500 cards);
Farmers and Merchants Bank, Stuttgart, AR;
Arkansas County Bank, Stuttgart, AR;
The Central National Bank and Trust Company of Enid, Enid OK, (1600);
Adams Bank & Trust, Grant, NE;
Valley Bank & Trust, Gering, NE (16).

The news of these institutions informing their customers of the Heartland breach follows the filing of the first lawsuit against Heartland Payment Systems (HPY). One week after the Heartland Payment Systems (HPY) breach was announced, a class action lawsuit was filed by Chimicles & Tilellis LLP of Haverford, PA in the U.S. District Court for the District of New Jersey on behalf of Woodbury, MN resident Alicia Cooper. It asserts that Heartland "made unreasonably belated and inaccurate statements concerning the breach."

The complaint says Heartland does not appear to be offering any credit monitoring services or other relief to consumers affected by the breach. Chimicles & Tilellis' complaint also says in addition to the questionable timing of the announcement of its breach, "there are materially misleading statements and omissions in Heartland's public description of the breach and its consequences."


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network