Wednesday, February 11, 2009

Large National Data Breach

Heartland Payment Systems recently disclosed that intruders had hacked into the computers it uses to process 100 million card transactions per month for 175,000 merchants. Heartland processes card payments for restaurants, retailers, and other merchants throughout the country.

Tech security experts said that the data breach could set a record, larger than the 94 million customer records lost to hackers by retailer TJX in 2007.

North Alabama Educators Credit Union has received notice from VISA International that a considerable number of our VISA Debit Card members were included in this national data breach. Replacement VISA Debit Cards are being ordered and all impacted members will be receiving mail correspondence and a new VISA Debit Card. Members will have the ability to change their new PIN's upon receipt and activation of the new card.

These type of data breaches are unfortunate because they generate considerable expense to the credit union. The time required to generate the compromise letters and card orders is also very time consuming. It is also inconvenient for the impacted credit union member.

Please keep in mind that North Alabama Educators Credit Union played no role in the data breach, but yet we bear the time and expense in replacing the VISA Debit Cards. Legislation is needed to hold organizations responsible for the time and expense associated with these data breaches. The credit union industry has been trying to bring forth data breach legislation that would automatically hold businesses responsible for losses of personal data.

A national class-action lawsuit is pending against Heartland Payment Systems as a result of this data breach. You can rest assured that North Alabama Educators Credit Union will join that legal effort to recover damages attributed to this data loss.

Members who have been impacted by this national data breach, or others in the past, are encouraged to contact your state and federal legislators and ask for data breach legislation to hold companies accountable for loss of YOUR personal information.

No comments: