The Field Report with Tom Field

Help Us Help You Get a Handle on Heartland

Help Us Help You Get a Handle on Heartland

  • 10,000;
  • 43,171;
  • 64.

Now let me tell you what they mean.

To be able to piece together an accurate view of the Heartland data breach, we need you to tell us exactly what's been compromised. How many institutions? How many cards? How much fraud? 

One single institution's report of the number of cards compromised by the Heartland Payment Systems (HPY) data breach - 10,000.

The total number of Heartland-compromised accounts reported to us yesterday alone - 43,171.

The number of new banking institutions that came to us in a single day and said "Us, too" - 64.

They're staggering, the numbers, as we try to get a handle on exactly how many institutions, cards and customers have been affected by the Heartland breach, which was first announced on Inauguration Day.

At first, all we heard from Heartland itself was that no one knew exactly how much damage might have been done. We knew Heartland processed 100 million transactions per month, but no one could tell us exactly how many customers that boiled down to - never mind how many might have been exposed during the breach.

But then, starting a week or so ago, institutions began to step forward and acknowledge publicly that they and their customers were swept up in the breach. That accounts were being monitored, cards replaced, and in some cases there was actual fraud associated with the Heartland case.

At first it was 20 institutions. Then another 20. Fifty more. We listed each of these institutions as we learned of them, so that we could keep a running tally. Suddenly we were over 100, 150, 175. Then yesterday we put a simple notice atop our new Heartland stories, inviting readers to alert us if their institution had been affected but wasn't on our list.

Within six hours, we heard from those 64 additional institutions.

So, we're now listing more than 200 banking institutions affected by the Heartland data breach. These are institutions of all sizes that are now refocusing personnel to notify customers, track accounts, replace cards. Who knows how much time, energy and expense is being dedicated to Heartland? One small credit union tells us its staff has lost 300 hours to Heartland in the past three weeks. And I think it's fair to say - pardon the cliché - we're only seeing the tip of the iceberg. By the time the accounting is done and we know exactly how many institutions, customers and cards were compromised, we may well be looking at a new entry in the Guinness book.

But how do we collect these figures? Heartland isn't saying much anymore. They're in full crisis mode, their stock value now being less than one-third what it was five months ago. A month ago, hardly anyone knew Heartland's name; today, the company is fighting to not be the next CardSystems.

Visa and MasterCard aren't saying anything - not publicly, at least. They're informing individual institutions of the damage done to them, but those are only glimpses of the elephant, so to speak. No one is painting a realistic portrait of the whole proverbial pachyderm.

So, it's up to us - we and you. To be able to piece together an accurate view of the Heartland data breach, we need you to tell us exactly what's been compromised. How many institutions? How many cards? How much fraud?

You can see our running tallyof institutions impacted by the Heartland breach. Check it out and, as our new notice says:

If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com . Include your name, email, and a phone number where you may be contacted for verification.

Together, we'll discover exactly how sweeping the Heartland breach really is. We can't answer the big question - who's going to pay for all these accounts to be monitored and cards to be replaced?

But if we can develop an accurate view of big the Heartland damage is, then we can start to get a handle on what it's going to take to clean up after it.



About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.