Seamus McAfee, of CreditCards.com has posted a great article on the Heartland Breach.  To read

Heartland data breach damages still mounting

in it's entirety, click here. 

What follows is an excerpt:


The breach

Visa's move is one in a long string of events since Jan. 20, 2009,when, after being alerted by Visa and MasterCard of suspicious activitysurrounding processed card transactions, Heartland announced thatmalicious software had compromised its data in 2008. The datapotentially exposed through this breach includes card numbers,expiration dates and other data from the card's magnetic stripe, and insome cases, the names of customers who used debit or credit cards atHeartland's network of 250,000 businesses.

Heartland has not disclosed the extent of the breach, but industryofficials have described it as one of the largest in history. Banksacross the country moved quickly and began sending out replacementcards, and advised consumers to watch their account statements moreclosely than ever.
The residual fallout continues:
  • Heartland faces dozens of lawsuitsin federal and district courts, including one from an investor whofiled a claim in the U.S. District Court of New Jersey, on behalf ofall Heartland investors who lost money in Heartland from August 2008 toFebruary 2009.
  • United Bank also responded to the breach by re-issuing several of their debit and credit cards to a list of consumers supplied by Visa. MasterCard has not re-issued any of its cards.
  • Visaand Heartland released statements assuring their customers thatalthough Visa was suspending Heartland, the processor was still validin the Visa system. According to both companies, it was in response torivals' attempts to capture customers with false claims that usingHeartland could result in fines or certification problems.
  • Heartlandannounced it has fallen subject to formal inquiries by the Securitiesand Exchange Commission, the Federal Trade Commission, the U.S.Department of the Treasury's Office of the Comptroller of the Currency,as well as an investigation by the U.S. Department of Justice.
  • Heartland's stock valuehas plunged since the announcement of the breach, hitting a 52-week lowof $3.57 on March 12, since hovering close to $20 a share in earlyJanuary.
  • Credit unions have been hit hard by the breach, most notably the Healthfirst Credit Union,which has incurred losses on 800 cards, or 57 percent of their totalissued cards, and fraud exceeding $70,000 as a result of Heartlandbeing compromised
  • As of Feb. 12, more than 600 U.S. institutions have been impacted by the Heartland data breach, according to a list kept by Bank Info Security.
According to American Banker,many banks and credit unions are pursuing lawsuits to compensate forthe cost to notify customers of the breach, re-issuing cards andrepairing accounts for those affected by fraudulent activity. Lawsuitsagainst breached companies have seen little success in recent years. In2007, TJX Companies agreed to pay $40.9 million in settlements to Visaissuers after announcing a breach with the agreement the banks wouldnot sue the retailer, but the case was never granted class-actionstatus...

Continue Reading at CreditCards.com

Reblog this post [with Zemanta]

Posted by John B. Frank Wednesday, April 1, 2009

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers