Fraud Incidents Tied to Heartland Data Breach

Credit Unions Report Fraudulent Charges Against Members' Cards
Fraud Incidents Tied to Heartland Data Breach
If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification.

The fraud against 16 credit cards of CU Community Credit Union members over one weekend last November puzzled the credit union's staff. The Springfield, MO-based credit union discovered nearly $11,000 in fraudulent charges against those cards.

At the time, the credit union didn't know what the fraud was related to, but staffers knew other financial institutions in the area were experiencing similar fraud, says Jenny Reynolds, vice president of marketing for the credit union. The credit cards were immediately blocked, and customers' accounts credited. Heartland Payment Systems data breach coverage

It wasn't until the credit union was contacted by its credit card company about the Heartland Payment Systems (HPY) data breach that the connection was made.

CU Community Credit Union is one of an unknown number of institutions that have been hit by the Heartland breach that was first made public on January 20.

HealthFirst Federal Credit Union in Waterville, ME. Also had cards compromised in the breach. "This has been quite a ride for us," says Lynda Quirion, a credit union employee. "We've been involved in 'compromises' in the past, but certainly not to this extent."

HealthFirst was notified this week by its card services area that 261 of the credit union's member cards were compromised. However, Quirion explains that this wasn't when the card compromise first came to light. "On the morning of January 12, we got a call from a member who had money taken from her account by debit card and claimed the transactions were not hers," Quirion says. In all, there were about 130 members who had money debited from their accounts.

The credit union has cancelled all cards involved in the compromise and reissued new cards and PINs. "The cards were all VISA debit cards," Quirion says. The credit union did not receive notification of the compromise from VISA until this week. The credit union also had 38 MasterCard credit cards that were compromised. "A few of those experienced fraud on those cards, but that happened before January 12," Quirion says.

Heartland, the sixth-largest payments processor in the U.S., announced on Jan. 20 that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud.

Heartland has stated that each month last year it processed 100 million card transactions.

For more on the Heartland data breach, see our resource page


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.