Heartland Data Breach: 500+ Institutions Affected Related Phishing Scam Uncovered in Texas
The number of financial institutions that stepped forward to say their customers' credit or debit cards were compromised because of the Heartland Payment Systems (HPY) data breach has now reached more than 500. Heartland Payment Systems data breach coverage

Little more than a month ago, on Jan. 20, Heartland, a Princeton, NJ-based payments processor, went public that it had discovered hackers had gained access to its computer networks and had been able to see credit card and debit card numbers as they were processed for several months in 2008. The nation's sixth largest payments processor, Heartland said it processed an average of 100 million transactions each month in 2008, and has about 175,000 retail and merchant customers for which it handles credit and debit transactions across the U.S.

Three customer class action suits have been filed in U.S. Federal Court in New Jersey against the payments processor by Philadelphia-based law firms. No class action suit on behalf of institutions affected by the breach has been filed yet.

Three men were arrested and charged with using "cloned" or counterfeit cards with stolen credit card numbers from the Heartland breach in Tallahassee, FL earlier this month, but no further arrests have been made in the case. The three men arrested in the Florida fraud case were described as lower-level players, but law enforcement continues to follow the trail of fraud and credit cards stolen in the Heartland breach that have been used in Mexico, Texas, Florida and other states.

Related Phishing Scam Hits Texas Bank

A bank in Texas reports that its customers are being targeted in a phishing scam related to the Heartland breach. Extraco Bank in Killeen, TX had to replace 9,000 cards that were compromised. On Saturday, the bank told customers in an email that if they received a text message or page that told them to call an 866 number and asked for debit or credit card number, expiration date and PIN numbers, to contact the bank. It is a phishing scam, the bank told its customers.

The local paper, The Killeen Daily Herald, reported the bank's phishing scam on Sunday. Identical scams were already reported in other local area cities, says Extraco. The bank is working with AT&T and the U.S. Secret Service to trace the scammer and get the number disconnected.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network