This story was first reported earlier this week, but I waited until there was confirmation that it was linked to the Heartland Payment Systems breach. This newest story provides more detail but still leaves some questions unanswered.
Nicole Norfleet of the St. Petersburg Times reports:
About 56,000 members of Suncoast Schools Federal Credit Union have been notified that their debit card accounts were exposed to fraud.
It is the latest casualty of last year’s breach of Heartland Payment Systems, one of the country’s largest credit card processors, where information from more than 100 million credit and debit card transactions was exposed.
Not until the end of May did Suncoast discover that some of its customers who use Visa Check Cards could be in danger. The Tampa credit union is issuing new cards to all members whose accounts were compromised.
[…]
Suncoast, which has more than 450,000 members, has determined that less than 1,000 members were actually affected by fraud as of Wednesday, McKay-Bass said. …. The credit union began notifying affected members by letter in the first week of June, McKay-Bass said.
Comment:
What do they mean that they discovered “at the end of the May?” Is that when they were first notified by Visa? Visa had informed this site that all notifications were made prior to that. Or does SunCoast mean that they had had the list of card numbers, but didn’t notify their customers because they didn’t see any evidence of misuse until the end of the May?
A number of institutions first started reporting fraud and card replacement after Visa’s May 19th deadline to submit claims for partial recovery of costs.
SunCoast did not reply to a request for clarification about the incident.