Heartland Update: More than 650 Institutions Impacted

While it's hard to get a handle on just how many consumers were affected by the Heartland Payment Systems (HPY) data breach, the total number of institutions now reporting card compromises is at 656.

The tally reflects many banks and credit unions with losses of thousands of dollars to fraud, along with the costs associated with monitoring and card replacement, which has led to several class action suits being filed against the payments processor. On Wednesday, a federal court judge on the Judicial Panel on Multidistrict Litigation in Louisville, KY was to hear the case for consolidating several of the class action suits. The judge will issue the courts ruling sometime after the hearing.

The class action suits from the financial institutions are not the only legal investigation ongoing against Heartland. The Federal Trade Commission hasn't said whether it is investigating the data breach, but the FTC's policy also is to neither confirm nor deny a non-public investigation. It did investigate the previous data breach at CardSystems Solutions in 2005. Along with the possible FTC investigation and the financial institution class action suits, a number of class action suits have been filed against the payments processor on behalf of consumers, along with securities fraud class action suits filed against the company on behalf of its investors.

The banks and credit unions issuing Visa cards that were affected by the Heartland breach had a deadline of May 19 to file claims to recover costs. Robert Alandt, Senior Business Leader at Visa did not disclose how many institutions met that deadline. Instead, he says of the recovery process the credit card company has in place for institutions, "Visa's Account Data Compromise Recovery process (ADCR) serves as an efficient framework for determining an acquirer's liability in the event of a compromise of sensitive magnetic stripe data. The process has successfully met the challenge of easing the recovery process and reducing associated costs while balancing the needs of the payments system."

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.