Data breach ensnares many in Mass.

Credit and debit card numbers compromised

By Todd Wallack | Globe Staff / May 13, 2009

Tens of thousands of Massachusetts consumers have been forced to get new credit or debit cards after cyber thieves hacked one of the nation's largest payment processors and accessed consumers' account information.

Since the security breach at Heartland Payment Systems Inc. was disclosed four months ago, 17 Massachusetts banks have reported that the thieves potentially gained access to many of their customers' credit or debit card numbers and other personal information, according to documents the companies submitted to state regulators; each of the banks said the incidents affected more than 1,000 customers.

For instance, Rockland Trust Co. told the state it was forced to reissue nearly 19,000 MasterCard debit cards and 64 Visa credit cards to customers this spring, while East Boston Savings Bank said it replaced the debit cards for as many as 7,600 customers. Salem Five Cents Sav ings Bank said the debit cards for 7,200 of its customers, mostly Massachusetts residents, were "compromised" by the breach and issued new cards to customers with active accounts earlier this year.

While most banks gave customers new cards to prevent potential fraud, a few others said they were instead monitoring customer accounts. The banks also notified customers of the breach, as required by state law.

So far, though, officials said there have been few reports of outright theft from customers.

Rockland Trust told the state it had tallied $33,000 in fraudulent purchases in accounts affected by the breach as of February. The bank did not provide more details and declined to comment on the breach.

Meanwhile, two other banks, Newburyport Five Cents Savings Bank and Webster Five Cents Savings Bank in Auburn, each told the state they had not detected any theft linked to the incident. A Salem Five spokesman declined to comment, while East Boston Savings Bank did not return a call seeking comment.

"Anecdotally, we've seen only small amounts of fraud," said Jason Maloni, a Heartland spokesman.

Maloni said the breach exposed credit and debit card numbers and expiration dates, and in some cases customer names, but not social security numbers, addresses, and other personal information, which may limit the impact of the theft. Heartland, based in Princeton, N.J., said it doesn't know how many customers were affected in Massachusetts.

However, Heartland was hit with a multimillion-dollar fine by MasterCard for "allegedly not taking appropriate action" after being notified of the security breach. Heartland said it is appealing that fine.

Meanwhile, the company is also under investigation by numerous federal agencies, including the Securities and Exchange Commission and the US attorney in New Jersey for how it handled the breach, as well as alleged stock trades made by company officers in the days after it discovered the intrusion. Heartland shares dropped sharply after the company disclosed the breach Jan. 20. The company's stock, which peaked at more than $18 per share in early January, fell rapidly in the days after the disclosure, going as low as $4 in March.  It closed yesterday at $9.04.  (Editor's Note: ???? is it all the end-to-end encryption propaganda?  I don't see how they could possibly survive.  Massachusetts had to issue tens of thousands of cards.  The cost for each one is estimated at $202.00.  There's 49 other states and the breach is not limited to the USA.  Bermuda, Guam etc. have all been affected. 

Continue Reading at the Boston Globe