Heartland Data Breach: How to Tell Your Customers
Example of Communication from Bank of Fayetteville, AR. If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification.This is a copy of a letter sent by the Bank of Fayetteville, Fayetteville, AR to a debit card customer on January 22. The bank sent the letter to inform the customer that the debit card may have been among those that were compromised as a result of confirmed unauthorized access to Heartland Payment Systems. The customer's name and address were removed before being posted to our website. The letter tells the customer that the cardholder name and expiration date were exposed in the breach.
The bank says the identified exposure dates are from debit card transactions done between May 15, 2008 and November 13, 2008. The Bank of Fayetteville says it has debit card fraud monitoring in place and has chosen not to automatically replace the debit card at the time the letter was sent.
Heartland, the sixth-largest payments processor in the U.S., announced on Jan. 20 that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud.
View the letter here (PDF)