A few weeks ago, Clearstar Financial Credit Union reported that a few dozen of their members had detected fraudulent charges on their cards that began on March 25. Given that lists of possibly compromised card numbers from the Heartland Payment Systems breach had been sent out in January and thereafter, some of us wondered whether the Clearstar report was related to Heartland’s breach or indicated a separate problem. Representatives of Clearstar, when contacted, were unable to determine whether the problem was Heartland-related or not.
But now more credit unions are filing similar reports, and they are being attributed to the Heartland breach, suggesting that either card issuers had not identified all of the compromised numbers when they sent out their alerts, or banks and credit unions may have erred by not cancelling cards. Today, Deneen Smiths of the Kenosha News in Wisconsin reports that 78 customers at Southport Bank in Kenosha started noticing fraudulent debit card charges beginning on April 8 and that other local banks, including the Bank of Kenosha, have also been affected. As in other cases, the card numbers are being used at a variety of locations around the country.
The Bank of Kenosha spokesperson did not indicate whether the fraudulent charges only began in the past few weeks, but the Southport Bank report suggests that we have not heard the last of new fraud reports stemming from the Heartland breach. To date, over 625 banks and credit unions have been identified as having been affected by the breach.