Banks, credit unions scramble in wake of Heartland breach

In the first real indication of the scope of the recently disclosed breach at Heartland Payment Systems , banks and credit unions from Washington to Maine have begun to reissue thousands of credit and debit cards over the past few days.

Heartland tries to rally industry in wake of data breach
Heartland breach raises questions about PCI standard's effectiveness

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

In the first real indication of the scope of the recently disclosed breach at Heartland Payment Systems , banks and credit unions from Washington to Maine have begun to reissue thousands of credit and debit cards over the past few days.

Heartland tries to rally industry in wake of data breach
Heartland breach raises questions about PCI standard's effectiveness

Several have also begun disclosing fraud associated with payments cards that were reported to them by Visa and MasterCard as having been exposed in the breach.

A Pennsylvania law firm today filed the first class action lawsuit related to the breach. The lawsuit was filed by Chimicles & Tikellis LLP of Haverford, PA on behalf of Alicia Cooper, a resident of Woodbury, MN, and others who might have been affected by the breach.

The complaint, filed in the U.S. District Court for the District of New Jersey in Trenton, alleges that Cooper, whose card was compromised in the breach, and others, were victims of Heartland's negligence in protecting card-holder data. The lawsuit, which calls for a jury trial, charged Heartland with breach of contract, breach of implied contract and breach of fiduciary contract for the breach.

The compromise has pushed the Washington Credit Union League in Federal Way to revive legislation that would mandate specific data protection controls on all merchants and third-parties such as Heartland that process payment card data. The bill (HB 1149) received its first hearing last Thursday in the Washington House Financial Institutions and Insurance Committee, according to a statement released by the association .

Heartland, a Princeton, NJ-based processor of payment card transactions disclosed last Tuesday that its systems had been broken into by unknown intruders sometime last year. The company claimed that the intrusion -- which some are calling the biggest ever -- was discovered only earlier this month following a forensic investigation that began last year when Visa and MasterCard first alerted it of suspicious transaction activity.

The company said that intruders planted sophisticated sniffer software in its network and stolen data as cards were being processed.

Heartland has not yet released any information on the number of cards exposed in the intrusion. But the fact that the company processes more than 100 million transactions per month for over 250,000 customers has sparked speculation that the breach might be even bigger than the one disclosed by TJX Companies Inc. in which more than 45 million payment cards were compromised .

Since its disclosure, a growing number of financial institutions across the country have begun notifying their customers of their cards being potentially compromised as a result of the breach. In most cases, the compromises resultin the cards being blocked and recalled by the financial institutions. A small sample of those making such announcements included the following:

Boston-based Sovereign Bank has posted a notice on its Web site alerting account holders of the breach and informing them that the bank's cards had been affected by it as well. The bank said it was still determining the number of compromised cards.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.