A security breach at a major credit card payment processor has prompted more than two dozen banks nationwide - including Baltimore-based Provident Bank - to notify customers that their credit and debit card numbers might have been compromised.
Provident sent new cards to customers last week with a letter stating that it has "been advised of a very large data breach impacting millions of credit and debit card numbers."
Only those customers who received letters and replacement cards sent last week were affected, said Dana Jung, Provident's manager of business continuity and customer information security. She declined to say how many Provident customers received new cards.
She said MasterCard identified cards that might have been affected.
Jung said there was no indication that all of those who received new cards were victims of fraud, but she said that the company assumed an "absolute worst-case scenario to try to be proactive."
Provident customers who received letters were instructed to destroy their old cards and use the new ones instead. They should also review their card statements for fraudulent transactions and report them to Provident.
Heartland Payment Systems, based in Princeton, N.J., announced Jan. 20 that hackers had used malicious software last year to steal information. The company first learned from Visa and MasterCard about a small number of fraudulent transactions in October, said spokesman Jason Maloni. It's hard to pin down how many people have been affected, or when. Heartland processes 100 million transactions a month for 175,000 businesses in 250,000 locations, Maloni said.
"We are reasonably certain the data compromise was contained in 2008," he said. The Justice Department and the Secret Service continue to investigate the incident as a potential international cybercrime.
A Jan. 30 letter from Heartland to the identity theft unit of the Maryland attorney general's office states that hackers might have gained credit card numbers and other information, including names in some cases, from the magnetic strip on the back of cards. The company can't be certain what information was accessed, although unencrypted personal identification numbers did not appear to have been at risk.
About 30 banks and credit unions, including Pennsylvania-based Sovereign Bank, have stated that their customers have been affected, said Tom Field, editorial director of the Information Security Media Group, which publishes bankinfosecurity.com. "One would expect we'll hear from a lot more," he said.
Sovereign, which has branches in Hereford, Bel Air and Forest Hill, said on its Web site that it was reviewing the security breach and considering whether to reissue cards, although customers could request a new one.
For more information on the security breach, customers can call Provident at 888-298- 7734, Sovereign at 877-768-2265 or go to www.2008breach.com.