Wow! This happened way back on January 20th and my bank just notified me today! Thanks Bank of Oklahoma! I'm a college student and I get call from my mom today saying my new debit card has come it. I'm totally confused because I never ordered a new card. She reads me the enclosed letter about the security breach. So now I have to wait for 2 weeks to go home to get the new non-compromised card. Checked online banking and didn't receive any sort of notification from Visa or BOK until today (3/3), that's really being on the ball guys! I think I would have liked to know a little bit earlier!

I'd like to go hold one of the tires on Heartland's CEO's car hostage for a week then just say "oh sorry for the inconvenience". I mean if he had locking lugs I wouldn't have gotten the tire the same way if they had had competent security someone wouldn't have gotten my number.

!#@hole.

Also your joke isn't funny because nobody ever claimed that any candidate was going to prevent every bad thing from ever happening again. So it's a straw man joke. Pretty pathetic.

We get it. You think people have pinned too many hopes on the president and you hate him. STFU already.

I wonder if it was this thing.

What I get from this article is that as the technology frontier widens our interest will turn more and more towards digital security to protect our assets and identity. I found this site that pretty much explains where we are technologically today with regards to that:

[www.justaskgemalto.com]

This might have the effect of reducing the pay for scumware authors. Which would be nice.

@Gtmac: No 100 million separate transactions. Yes, the card number duplicate but the more separate transactions a person has had then the probably higher risk of exposure...

Think the old lady who uses her debit card once or twice a year to eat out versus the younger person who charges items even as small a Starbucks coffee on it each day.

I had a card get blown out at the start of December. Some nimrod charged $100 at AirCanada which then incured a conversion charge. Luckily we caught it early and didn't loose more money. We had heard there was alot of id theft/card theft at airports but now it is making sense that the theft was probably through the card processor which is used by the small restaurants (with big prices) at the airports.

However the bank rep we dealt with this time was very nice and efficient about the problem. This may or may not be a change due to Regions gobbling up AmSouth. In 2005 when my (now ex)wife's card was blown out in the TJMaxx breach, an AmSouth fraud rep practically accused me of making all the transactions myself. He said "these transactions required a card to be presented in person" and I literaly had to tell him : "No, my ex-wife was not in New York City buying $1400 at the Bananna Republic. I had to find the card in the bottom of the filing cabinet where I put it when we had separated over 9 months ago. Have you ever heard of card cloning?" before he grudgingly allowed me to report it. Then we both had to go to the bank to sign affidavits about the fraud. This time no problem - entirely handled over the phone.

If you have a charge on your credit or debit card that you are pretty sure you didn't make, it is between you and your financial institution, not the company who services the merchant hardware and software for the retailer at which you shopped.

Call your bank or credit card, dispute the charges, and get some kleenex.

@El_Fez: Not to mention, the data breach happened during the previous administration...

I can see that we are going to be getting new credit cards a lot more often now! This is great for getting out of those slimeball companies who make you call them to cancel service. (24 Hour Fitness, Zagats, Sirius / XM, etc, etc)

I'm so relieved.

@renegadebarista: You should try Mercury Payment Systems, I use them and they're pretty good, definitely the best customer service I've ever received.

Likewise, another card issuer keeps changing my cards -- last year it was swipeless cards (thanks, but no thanks), and a few years ago they converted VISA accounts to MasterCard accounts without asking first (thanks, but no thanks). The account numbers change (twice, actually, because they couldn't reinstate the original account numbers and changed them again to get the type of card I had had before), but the dates do not.

This isn't just what the banks say. When I look at my credit reports from the three major reporting agencies, the history for each of these accounts goes back to when I opened the original account, not when I got the current card number.

Two cards from different banks and of different types is probably a good idea though, especially if you travel.

to refresh everyone's memories, the cardsystems breach was disclosed in 06/2005 & affected roughly 40 million cardholders. visa & amex quickly "de-listed" the company, refusing to honor payments made thru their servers.

i believe the company was eventually bought by another payment processor, but my point is this: whether mr. baldwin feels "bad" or "badly", he's soon going to feel the affects of not having a job.

They sounded very unsurprised, and in a big hurry. I think I'm going to start using CASH again.

Anyway, what idiot actually buys music?

I feel so much safer now that the CEO apologized. /s

My question is, why are companies like Heartland not being held responsible by the banks and issuers of credit/debit cards? How much money are these companies going to have to shell out for new cards for everyone? Then there is the issue of trusting this company once more with our information...

Granted, I have no love for banks, but mine is a small local bank run by good people who use to give loans with a handshake.

No need for that.

A bigger problem is that Heartland isn't contacting the businesses directly so that they can contact their customers or give out warnings.

Thus far, no one has taken me up on alternative payment strategies.

I only use our debit cards at two area gas stations, so I know it was one of them. My banks will only tell me that they canceled the debit cards because of the Heartland breach and that new cards are being issued.

Personally, this is getting to be ridiculous. Two years ago, it was TJ Maxx. Last year, around the same time, I had to wait for a replacement after the Hannaford deal. Now it's Heartland. What's next?

I rarely use debit card anymore because I'm sick to death of having to make it to the bank during their hours to get cash when another company screw up leaves me without a debit card for a couple weeks.

With Hannaford, they said it was malware that was on their computer. Same with Heartland. Do these companies NOT have security measurements? Before any company processes a debit card, credit card or check, they should have to prove they have a quality virus/malware program installed, updating regularly and running properly. There's really no excuse.

not only did that turn into a huge clusterf*** (mass reorder during the time when cards are most used), but i'm still dealing with the ramifications (reduction in card usage, people forgetting their new PINs, losing their new cards, not activating their new cards, etc.).

i've been working on this since 12/06/08 & it's monopolized my time at work for the last 6 weeks (which means all the other crap i have to do has been building up).

& that's just me - 1 person at 1 institution. think of all the time, energy & money being wasted on their negligence.

i feel your pain - GL!

i would think it does, but since heartland services a lot of small & mid-size businesses, i'm going to assume that they're gonna be hardasses about moving on. i'd like to know more if you have the time...

considering the size of the breach thus far, i think everyone needs to make the assumption that any card they've used within the last year has been compromised. keep an eye on your statements & report any fraudulent activity to your card issuer. you are protected under federal law & thru card policies (such as visa's "zero tolerance").

Wow!! How do I get into this business, where I don't have to fully disclose whose information was stolen FROM MY COMPANY, and where and when because it "would be unfair to mention" that kind of information.

What a lovely attitude.

Maybe a few million of us should get together, form a club and purposely charge things to each other's credit cards and then we'll see how easily this gets shrugged off when the credit-card companies are out a few hundred-million bucks.

That seems like such a random metric, until you realize that basically puts everyone in the entire country at risk, since they're so unwilling to release actual business names.

I just realized the other day that I need a new credit card, because I still use my first and only one all the time and once it gets lost or stolen, that's quite a few years knocked off my credit history.

Sorry. Pet peeve.

(The treatment I received from Chase about this is worthy of a Consumerist post all its own...)

/sarcasm

But it's fair to say that you don't give a damn about consumers...cuz hey, we can't touch you anyway.

[consumerist.com]

Because no addresses, SSNs or PINs were stolen, the prospect of full-blown identity theft is pretty small.

The thieves were smart enough to steal 100 million numbers, they just might be smart enough to figure out more with that info.

I agree with the chicken and jam guy. Do you think my local restaurants will accept cowrie shells?

Well, that's OK, then. As long as he feels badly. I'll sleep better tonight knowing that he probably felt so horrible he skipped the pâté at lunch today.

Now if he was all smug about it, THAT would be totally unacceptable.

/President Obama, do you have room on your agenda for these world class sphincters?

Any VC money out there for my Jam Cock Enterprises?

Yup.

Heartland is big and has all our data. We individuals have zilch leverage over Heartland directly. There is a remedy in the American legal system for this kind of imbalance of power. It's called "government regulation."

Here's an idea for a new law. If a data aggregator like Heartland has a breach like this and fesses up voluntarily, they have to send everybody who was breached or might have been breached a check for $10. If they don't fess up, and the government finds out, the government sends in a swat team of forensic auditors, and then the aggregator has to pay for the audit, and has to send checks for $100.

I'll bet this nonsense would stop real darn quick.

Nice!

Huzzah! Big business remains unchanged in this new era of enlightenment!