Frequently Asked Questions
Last update: January 26, 2009
How many cardholder account numbers were compromised in the
At this time, Heartland does not know how many cardholder account numbers
were compromised. The investigation by forensic auditors is still underway,
and we simply do not have that information. All media reports of numbers
are pure speculation.
How do I know if my card account information is safe?
Closely examine your monthly statements and immediately report suspicious
activity to your issuing bank. The card brands are currently in the
process of notifying banks of fraudulent charges placed on members'
cards. Bank issuers will provide notification to those cardholders
who may have been affected by this breach.
Will I be charged for any losses?
You are not responsible for unauthorized fraudulent charges made by
third parties. Suspicious activity should be reported to your card
issuer, and claims will be investigated.
Should I order a credit report?
Fortunately, no cardholder Social Security numbers, unencrypted personal
identification numbers (PIN), addresses or telephone numbers were involved
in the breach. However, if you would like, you can order your free
credit report at www.annualcreditreport.com.
Why did Heartland disclose the breach on Inauguration Day?
Heartland wanted to disclose the breach days earlier when investigators
first uncovered the source of the breach, but legal reviews and logistics
made such a disclosure impossible. We recognize from a visibility perspective
that Inauguration Day was not ideal, but in the interest of transparency,
we wanted to get this information to cardholders as soon as possible
rather than delay further.
Which merchants were affected?
No confidential merchant business data was affected. This is why it
is not necessary to publish our merchant list.
Whom should I contact if I have additional questions?
If you have further questions, please call us toll-free at 1.866.399.6228
or email us at firstname.lastname@example.org.
A Heartland representative will be happy to answer your questions.
Frequently Asked Questions: January 20, 2009
Was Heartland the victim of a data breach?
Yes. During the week of January 12, we learned we were the victim of
a security breach within our processing system in 2008.
How did we learn about the breach?
After being alerted by Visa® and MasterCard® of suspicious activity
surrounding processed card transactions, Heartland enlisted the help
of several forensic auditors to conduct a thorough investigation into
the matter. Last week, the investigation uncovered malicious software
that compromised data that crossed Heartland's network.
What is the extent of the breach?
We believe the intrusion is contained.
Was merchant data compromised?
No merchant data was impacted.
Were Heartland's other processing platforms affected?
None of Heartland's check management systems; Canadian, payroll, campus
solutions or micropayments operations; Give Something Back Network; or
the recently acquired Network Services and Chockstone processing platforms
Were cardholder Social Security numbers impacted?
No cardholder Social Security numbers, unencrypted personal identification
numbers (PIN), addresses or telephone numbers were involved in the breach.
What are we doing to further secure our systems?
Heartland immediately took a number of steps to further secure its systems.
In addition, Heartland will implement a next-generation program designed
to flag network anomalies in real-time and enable law enforcement to
expeditiously apprehend cyber criminals. Heartland is deeply committed
to maintaining the security of cardholder data, and we will continue
doing everything reasonably possible to achieve this objective.
Who did this?
We understand that this incident may be the result of a widespread global
cyber fraud operation, and we are cooperating closely with the United
States Secret Service and Department of Justice.
Where can people find more information?
Heartland has created a website — www.2008breach.com — to
provide information about this incident.
What should cardholders know?
Heartland apologizes for any inconvenience this situation has caused.
Heartland advises cardholders to examine their monthly statements closely
and report any suspicious activity to their card issuers. Cardholders
are not responsible for unauthorized fraudulent charges made by third