Frequently Asked Questions


Last update: January 26, 2009
  1. How many cardholder account numbers were compromised in the 2008 breach?
    At this time, Heartland does not know how many cardholder account numbers were compromised. The investigation by forensic auditors is still underway, and we simply do not have that information. All media reports of numbers are pure speculation.
  2. How do I know if my card account information is safe?
    Closely examine your monthly statements and immediately report suspicious activity to your issuing bank. The card brands are currently in the process of notifying banks of fraudulent charges placed on members' cards. Bank issuers will provide notification to those cardholders who may have been affected by this breach.
  3. Will I be charged for any losses?
    You are not responsible for unauthorized fraudulent charges made by third parties. Suspicious activity should be reported to your card issuer, and claims will be investigated.
  4. Should I order a credit report?
    Fortunately, no cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. However, if you would like, you can order your free credit report at www.annualcreditreport.com.
  5. Why did Heartland disclose the breach on Inauguration Day?
    Heartland wanted to disclose the breach days earlier when investigators first uncovered the source of the breach, but legal reviews and logistics made such a disclosure impossible. We recognize from a visibility perspective that Inauguration Day was not ideal, but in the interest of transparency, we wanted to get this information to cardholders as soon as possible rather than delay further.
  6. Which merchants were affected?
    No confidential merchant business data was affected. This is why it is not necessary to publish our merchant list.
  7. Whom should I contact if I have additional questions?
    If you have further questions, please call us toll-free at 1.866.399.6228 or email us at 2008breach@e-hps.com. A Heartland representative will be happy to answer your questions.

Frequently Asked Questions: January 20, 2009
  1. Was Heartland the victim of a data breach?

  2. Yes. During the week of January 12, we learned we were the victim of a security breach within our processing system in 2008.
  3. How did we learn about the breach?

  4. After being alerted by Visa® and MasterCard® of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland's network.
  5. What is the extent of the breach?

  6. We believe the intrusion is contained.
  7. Was merchant data compromised?

  8. No merchant data was impacted.
  9. Were Heartland's other processing platforms affected?

  10. None of Heartland's check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms were involved.
  11. Were cardholder Social Security numbers impacted?

  12. No cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach.
  13. What are we doing to further secure our systems?

  14. Heartland immediately took a number of steps to further secure its systems. In addition, Heartland will implement a next-generation program designed to flag network anomalies in real-time and enable law enforcement to expeditiously apprehend cyber criminals. Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective.
  15. Who did this?

  16. We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.
  17. Where can people find more information?

  18. Heartland has created a website — www.2008breach.com — to provide information about this incident.
  19. What should cardholders know?

  20. Heartland apologizes for any inconvenience this situation has caused. Heartland advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers. Cardholders are not responsible for unauthorized fraudulent charges made by third parties.