By HEATHER PYLES, CJ Staff Writer
A security breach at one of the nation’s largest credit processing companies may have affected more local bank customers than what was once thought.
The breach, reported by Heartland Payment Systems, is affecting member banks across the country, and as the scope of the breach widens, more and more banks are coming forward and stating their debit card customers may have been affected.
And that applies to local banks as well.
As of the end of January, Forcht Bank, headquartered in Kentucky, seemed to be the only local bank impacted by the breach, but others were informed only last week that several debit accounts may have been compromised, while at least one other bank has been feeling the effects since January — despite reports that its customers were spared.
Cumberland Security Bank released a statement to customers on its Web site explaining that “a small number” of debit accounts suspected of being compromised would be canceled and new cards would be issued.
That statement, released on Jan. 23, came only days before Cumberland Security CEO Mike Simpson stated to the Commonwealth Journal that “We (Cumberland Security) don’t have any issues with any breach with our debit cards.”
While the number of debit cards affected is unknown, the memorandum, released by Simpson, said that no fraudulent activity had been reported on those cards as of the end of January.
“We understand and acknowledge that some of our debit card customers were inconvenienced and embarrassed by their debit card transaction being denied,” the release stated.
The statement went on to encourage customers to closely watch their accounts over the coming weeks.
Several calls made to Simpson on Friday and Monday were not returned by press time.
Another local bank reported being contacted recently by Visa about the possibility of several debit card accounts being compromised there.
First & Farmers Bank President Kathy Choate said the bank was informed last week that some of its debit customers may have had their accounts compromised. Choate had first reported that the bank had not experienced any problems connected with the breach as of Jan. 26.
“We had no earlier notice at all,” Choate said.
Choate said the number of debit accounts impacted are relatively small, and she said letters about the situation had already been sent to those customers.
New debit cards have been ordered, and Choate said affected customers should receive new cards within the next few days.
“Everything is under control,” Choate said.
There were also reports that debit customers with Citizens Bank of Mt. Vernon, which has a branch in Somerset, were affected by the breach, but those reports could not be confirmed as of press time Monday as the bank’s Web site did not contain any information about the breach and any affects it may have on Citizens’ customers.
Calls made to John Hopkins, senior vice president of operations at Citizens Bank of Mt. Vernon, were not returned by press time.
Forcht Bank first released a statement in early January explaining to its customers that a certain number of debit cards may have been compromised in the breach. The cards were canceled and new cards subsequently issued to ensure that customers’ accounts would not be accessed illegally.
Some customers — 8,500 out of 22,000 debit card holders who bank at Forcht were affected — are still awaiting new cards.
Heartland Payment Systems, reported to be the sixth largest credit and debit card processing service in the country, is used by around 250,000 businesses. Those businesses include restaurants, retail businesses and gas stations.
Essentially, when a credit or debit card is swiped at a store, that information goes to a merchant processor such as Heartland Payment Systems. That information is then sent to a bank processing system. That information then goes back to the bank for balance updates.
According to a press release on its company Web site, Heartland reported that the intruders cracked the system used to process 100 million card transactions each month.
The company began investigating the breach last fall, but “malicious software” wasn’t found until the middle of January.
"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," said Robert H.B. Baldwin, Jr., Heartland's president and chief financial officer, in the press release. "We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."
Heartland said it believes the intrusion has been contained.
