Heartland Data Breach: 500+ Institutions AffectedRelated Phishing Scam Uncovered in Texas
Little more than a month ago, on Jan. 20, Heartland, a Princeton, NJ-based payments processor, went public that it had discovered hackers had gained access to its computer networks and had been able to see credit card and debit card numbers as they were processed for several months in 2008. The nation's sixth largest payments processor, Heartland said it processed an average of 100 million transactions each month in 2008, and has about 175,000 retail and merchant customers for which it handles credit and debit transactions across the U.S.
Three customer class action suits have been filed in U.S. Federal Court in New Jersey against the payments processor by Philadelphia-based law firms. No class action suit on behalf of institutions affected by the breach has been filed yet.
Three men were arrested and charged with using "cloned" or counterfeit cards with stolen credit card numbers from the Heartland breach in Tallahassee, FL earlier this month, but no further arrests have been made in the case. The three men arrested in the Florida fraud case were described as lower-level players, but law enforcement continues to follow the trail of fraud and credit cards stolen in the Heartland breach that have been used in Mexico, Texas, Florida and other states.
Related Phishing Scam Hits Texas Bank
A bank in Texas reports that its customers are being targeted in a phishing scam related to the Heartland breach. Extraco Bank in Killeen, TX had to replace 9,000 cards that were compromised. On Saturday, the bank told customers in an email that if they received a text message or page that told them to call an 866 number and asked for debit or credit card number, expiration date and PIN numbers, to contact the bank. It is a phishing scam, the bank told its customers.
The local paper, The Killeen Daily Herald, reported the bank's phishing scam on Sunday. Identical scams were already reported in other local area cities, says Extraco. The bank is working with AT&T and the U.S. Secret Service to trace the scammer and get the number disconnected.