Fraud Incidents Tied to Heartland Data BreachCredit Unions Report Fraudulent Charges Against Members' Cards
The fraud against 16 credit cards of CU Community Credit Union members over one weekend last November puzzled the credit union's staff. The Springfield, MO-based credit union discovered nearly $11,000 in fraudulent charges against those cards.
At the time, the credit union didn't know what the fraud was related to, but staffers knew other financial institutions in the area were experiencing similar fraud, says Jenny Reynolds, vice president of marketing for the credit union. The credit cards were immediately blocked, and customers' accounts credited.
It wasn't until the credit union was contacted by its credit card company about the Heartland Payment Systems (HPY) data breach that the connection was made.
CU Community Credit Union is one of an unknown number of institutions that have been hit by the Heartland breach that was first made public on January 20.
HealthFirst Federal Credit Union in Waterville, ME. Also had cards compromised in the breach. "This has been quite a ride for us," says Lynda Quirion, a credit union employee. "We've been involved in 'compromises' in the past, but certainly not to this extent."
HealthFirst was notified this week by its card services area that 261 of the credit union's member cards were compromised. However, Quirion explains that this wasn't when the card compromise first came to light. "On the morning of January 12, we got a call from a member who had money taken from her account by debit card and claimed the transactions were not hers," Quirion says. In all, there were about 130 members who had money debited from their accounts.
The credit union has cancelled all cards involved in the compromise and reissued new cards and PINs. "The cards were all VISA debit cards," Quirion says. The credit union did not receive notification of the compromise from VISA until this week. The credit union also had 38 MasterCard credit cards that were compromised. "A few of those experienced fraud on those cards, but that happened before January 12," Quirion says.
Heartland, the sixth-largest payments processor in the U.S., announced on Jan. 20 that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud.
Heartland has stated that each month last year it processed 100 million card transactions.
For more on the Heartland data breach, see our resource page