When I learned last week about what may have been the world’s largest payment card data breach, I knew there were going to be potentially millions of victims. What I didn’t expect is that I may be one of them.
This Monday afternoon, I opened my mailbox to find a letter from my issuer, Bank of America. Inside was a shiny, new replacement debit card. At first I was perplexed; my card was nowhere near its expiration date. I read the accompanying letter, addressed from Stacy A. Maschhoff, the Debit Card Operations Executive. It said the bank has learned that some of their check card information many have been compromised, and my card “may have been part of this compromise.” Ah ha. Thanks, Heartland Payment Systems, the source of the breach, which took place last year but was not discovered until Visa and MasterCard inquired about curious transactions, and was not publicly reported until Jan. 20, 2008.
To be on the safe side, Bank of America issued me a card with new numbers. I’m very curious as to how many cards they reissued. Perhaps they were given a list of all the merchants involved in the breach and decided to reissue cards for anybody who shopped at one of them.
The letter asked that I notify all of the merchants that I have recurring payments with and give them the new card information. Fortunately, almost all of my recurring payments are on my credit cards, so I don’t have much work to do. My old card will automatically be closed within 30 days, so I hope nobody does any damage with the old numbers until then.
While Heartland isn’t offering me any type of protection as a potential victim, I am happy to say that my bank is. The letter says the bank will be monitoring the activity on my checking account, and they will immediately notify me if they detect any suspicious transactions. Because of the free “Total Security Protection package” that comes with my card, I will be reimbursed for any unauthorized transactions as long they are reported (by me or the bank) within 60 days of my bank statement. I’ll be credited for the loss by the end of the next business day. “If it’s not your purchase, it’s not your problem,” Maschhoff’s letter says. Well, it is my problem if I live in Washington or Idaho; the fine print says this security feature isn’t available in those two states. Luckily for me, I reside in Texas.
Scope of problem unclear
The scope of the data breach still isn’t clear — some reports say data from as many as 100 million cards may have been intercepted by hacker-installed “sniffer” software. The reaction, however, is clear: It has put a spotlight on the increasing volume of data breaches, created massive headaches for card issuers, sparked a class action lawsuit and spurred warnings from Iowa to Vermont, from Florida to Guam.
In the state of Washington, it has put a breeze behind a credit union’s proposal to pass a state law forcing data transmitters such as Heartland to reimburse banks for the costs they cause.
The New Jersey-based Heartland has created a Web site, www.2008breach.com, to pass along information about the breach.
For those who may have been victims, the unanimous advice from all quarters is to step up their vigilance and monitor even more closely their credit card bills. Quickly report any suspicious activity.
Has anyone else received a breach-related replacement card in recent days?
See related: Few answers in massive security breach