Heartland Data Breach: Maine Credit Union Says Reported Fraud has Tripled

CU Staff Overwhelmed by Efforts to Aid Members, Replace Cards If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification.

Last week a small credit union in Maine thought it had seen the last of the Heartland Payment Systems data breach that had affected 261 of its members' credit cards. Officials now report they weren't as lucky as they thought. The number of compromised cards now has tripled, and the fraud reported may top $70,000. Heartland Payment Systems data breach coverage

The HealthFirst Credit Union of Waterville had been notified by its card services department that 261 cards had been compromised. The fraud reports began on January 12, when a member called in saying her debit card had been used to take money from her account, says Lynda Quirion, a credit union employee. The credit union, she says, had been involved in compromises in the past, "but certainly not to this extent." In all, there were about 130 members who had money debited from their accounts. Shortly after the credit union finished contacting the 261 members, it received more bad news--another 550 more cards were affected. "We are trying to get a handle on all of this 'mess.' That puts our total cards compromised at a little over 800 cards," Quirion says. The total amount of fraud the credit union has tallied so far from member cards being debited is between $60,000 to $70,000.

"These funds were all withdrawn in the US, with most of the transactions taking place in Florida and Texas," Quirion says. The first couple of weeks, the transactions were happening at Wal-Mart, but much of the money is being debited at gas stations, convenience stores, fast food restaurants and some department stores.

Quirion expresses frustration at what the credit union's members and employees are being subjected to because of this breach. "The cost of replacing the cards is around $2,500, and we are a tiny credit union, and our employees 'wear many hats,' We've all been involved in blocking compromised cards, ordering new cards, and calling members regarding the breach since January 12," she says.

Quirion estimated that the employees at the credit union have spent about 300 hours to date working on containing the breach's fallout among its members.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.