Several local banks and credit unions are among scores of financial institutions nationwide reissuing credit and debit cards linked to the massive data security breach at Heartland Payment Systems, one of the nation's largest payment processors.
Heartland, which processes about 100 million transactions a month for about 250,000 restaurants, retailers and other businesses, disclosed last month that hackers used spyware to steal card numbers and expiration dates from an undetermined number of cards late last year. Heartland estimated the attack exposed cards used at 175,000 merchants.
Heartland is still assessing the damage, but some experts are saying the incident could prove to be the largest data breach ever.
No merchant data, cardholders' Social Security numbers, personal identification numbers, addresses or telephone numbers were believed to be compromised, according to Heartland. In a small percentage of cases, the name of the cardholder may have been taken, the company said.
So far, nearly 400 financial institutions have reissued credit and debit cards that were compromised in the breach, according to bankinfosecurity.com. They include Pittsburgh-based Dollar Bank, Charleroi Federal Savings Bank in Charleroi, Elliott Federal Credit Union in Jeannette and Cincinnati's Fifth Third Bancorp.
Dollar Bank reissued debt and credit cards for roughly 3 percent of its customers last month as a precaution, spokesman Jim Carroll said. At Elliott Federal Credit Union, about 10 percent of members with cards received new ones as a precaution, Chief Executive Officer Jim Benson said.
Fifth Third Bank is replacing credit and debit cards on a case-by-case basis when the bank detects unauthorized access to an account, spokeswoman Stephanie Honan said. "All of the cards potentially impacted were monitored and looked at on an individual basis," she said. "If we see unauthorized access, we reissue them."
Charleroi Federal decided to reissue all of its debit cards as an extra measure of security after receiving an alert from Visa's fraud control department about the number of cards that could be compromised, CEO Neil Bassi said.
Heartland is urging all consumers to check card and bank statements carefully and report any suspicious transactions to the financial institution that issued the card.
Consumers are not liable for fraudulent charges on their credit cards. When it comes to debit cards, federal rules protecting consumers are weaker, but institutions generally will cover a customer's entire loss due to fraud.
For more information on the breach and tips on what to do about suspicious transactions, visit Heartland's special Web site, www.2008breach.com, or call toll-free 1-866-399-6228.
Patricia Sabatini can be reached at email@example.com or 412-263-3066.