Heartland: Why it Matters
Since we first broke the news about the Heartland Payment Systems (HPY) data breach back on Jan. 21, this story has just dominated conversation in and about our industry.
At what point does the banking industry rise up like Peter Finch in the movie "Network" to say "I'm as mad as hell, and I'm not going to take this anymore...?"
And off our site, in the popular media, our coverage has drawn attention from the likes of KPCC, Southern California Public Radio, and most recently the Baltimore Sun.
The Heartland case has become so big, actually, that we built a special page to host all our coverage. News, articles, interviews, alerts - if you want the latest news and archives on Heartland, go here.
Now, at first I attributed this story's resonance to timing. The news broke on Inauguration Day, when the only other big news story in town was ... well, the inauguration.
But then, as the popular media and pundits got hold of it, the appeal seemed to be FUD - Fear, Uncertainty and Doubt. No one knew exactly how many institutions, cards or consumers might be impacted by this breach, and just knowing that Heartland processes 100 million transactions per month ... yeah, if you let your mind wander, it's scary stuff.
Now, though, I feel like I'm getting a true handle on the significance and impact of this story. And it comes from seeing the number and names of institutions affected by the breach. Have you been paying attention to the growing list? All week, we've been reporting the latest institutions to go public with their involvement, and every day that list has grown. We've gone from 12 to 20 to nearly 30, and who knows what today's news will bring?
What really hammered home the Heartland impact, though, is a note I received yesterday from an executive at a Colorado federal credit union:
"We are a small institution and have in the past two weeks been notified of approximately 400-600 cards of ours that were in the files. Our questions are: Where did this all happen, what merchant? And who's going to pick up our expense of reissuing the cards to our members?"
That really says it all, doesn't it? How did this happen, and who's going to pay to make good?
We've already seen the first customer-centric class action suit in this case, and I bet banking institutions aren't far behind. Why should they bear the burden and expense for a breach that didn't happen on their watch or to their own systems? It's TJX and Hannaford all over again - the banks pay for other businesses' mistakes. At what point does the banking industry rise up like Peter Finch in the movie "Network" to say "I'm as mad as hell, and I'm not going to take this anymore ...?"
And those are only a few of many unanswered questions about this case. As we're sitting here thinking about this now, investigators are out there trying to figure out exactly how big the Heartland breach is - and how much fraud truly has been committed.
As big as this story has been the past two weeks? My gut tells me it's only going to get bigger.