
Credit And Debit Card Breach May Affect Over 100 Million


The Washington Post has reported that Heartland Payment Systems, a payment processor that services "more than 250,000 businesses," has had more than 100 million transactions compromised via malicious software that was installed on its network; it will likely turn out to be the largest data breach ever reported. The "good" news is that the criminals were only capturing credit card numbers, the names on the cards, and expiration dates—the info encoded onto the magnetic stripe on the card. Because no addresses, SSNs or PINs were stolen, the prospect of full-blown identity theft is pretty small—which must explain why Heartland isn't offering any sort of credit monitoring package as compensation. Instead, their CFO says, "We recognize and feel badly about the inconvenience this is going to cause consumers."

What? No credit monitoring offer? Well at least they can tell us which businesses were affected, right? Nope:

Robert Baldwin, Heartland's president and chief financial officer... said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.

Baldwin said it would be unfair to mention any one of his company's customers.

"No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair," he said. "Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know."

It's clear that Heartland is in the business of servicing other businesses, not consumers, and as such they're pretty much pretending we don't exist. The Washington Post also points out that Heartland chose an interesting day to release the news, considering there's a big Obamavent happening to provide distraction.

As for the actual cardholders, you may have already been issued a new card recently without explanation; well, this could be the explanation. Otherwise, your best bet is to closely monitor your accounts for unauthorized activity—which you do already, right?

"Payment Processor Breach May Be Largest Ever" [Security Fix - Washington Post] (Thanks to Flintstone03!)
(Photo: mary_gaston22)


Comments:

72
user-pic

I wonder if they will not get some type of bailout as well?

user-pic

Huzzah! Big business remains unchanged in this new era of enlightenment!

user-pic

So they feel no need to say what companies I shop at might have been affected simply because they service a lot of companies?

Nice!

user-pic

Great. I'm going to start paying for things with chickens and jam.

user-pic

@dollywould: The time is right to start my Chicken and Jam payment services brokership.

user-pic

I got a call 10 days ago from the bank that branded my credit card that a merchant's data was compromised for that particular card. I'm guessing that this is it since I only use this card for restaurants. Nice.

user-pic

They should be required to list EVERY SINGLE BUSINESS that uses their services. If they had to do that, you know they would have been more careful in the first place because every single one of those businesses would now be leaving them due to the public humiliation. Why aren't companies held accountable for this sort of thing??

user-pic

@El_Fez: The "new era" is how many hours old as you post this?

user-pic

I use Heartland at my business, and I found out only because of this article and calls from customers. I can tell you that they are not being forthcoming with their merchants and at this point I am in a mad dash trying to find a different processor and trying to figure out if my customers were affected.

user-pic

"It's clear that Heartland is in the business of servicing other businesses, not consumers..."

Yup.

Heartland is big and has all our data. We individuals have zilch leverage over Heartland directly. There is a remedy in the American legal system for this kind of imbalance of power. It's called "government regulation."

Here's an idea for a new law. If a data aggregator like Heartland has a breach like this and fesses up voluntarily, they have to send everybody who was breached or might have been breached a check for $10. If they don't fess up, and the government finds out, the government sends in a swat team of forensic auditors, and then the aggregator has to pay for the audit, and has to send checks for $100.

I'll bet this nonsense would stop real darn quick.

user-pic

@Kos:
Care to name any restaurants you frequent?

user-pic

It sure seems like these breaches are getting bigger each time. IIRC, the TJMaxx breach was the biggest when it happened.

user-pic

Well, they are sorry. I feel so much more secure now.

user-pic

If you think it's frustrating as a cardholder, try being in the shoes of a small business. I truly care about my customers and like I said in an earlier post I found out from customers and from here about the breach, nothing from Heartland. I have been on the phone for the last hour trying to get answers and am getting nowhere. It's not just consumers they are stonewalling, it's even their own merchants, and it is WRONG!

user-pic

@Applekid:

Any VC money out there for my Jam Cock Enterprises?

user-pic

@renegadebarista: If you get any information from heartland that's worth sharing with our readership, please email us at the tipline or any of us personally. Best of luck.

user-pic

This is why there should be some sort of mandatory signage on the door or register regarding whom they use for card processing. Most businesses show who they use for check processing. That way consumers could purposely avoid places that use a sketchy processor or just pay cash instead. We do have a right to know this information.

user-pic

@dollywould: Listen, you will need marketing expertise. How about technical support? What about RMA's?

user-pic

Hmm!! I bet this is why Bank of America sent me a new debit card last week saying "We have learned that some information from certain Bank of America Check Card accounts may have been compromised at a third party location"!!

user-pic

@FrankenPC: For coming up with a name like "Jam Cock Enterprises," I think lostsynapse already has some marketing experience. Or just a natural gift for names.

user-pic

Does Consumerist have any executive info for this company? I noticed a couple odd transactions on my online account summary today, and I need to be able to fight these charges (which took me into the negative numbers, by the way). How is it possible they can not tell consumers what companies were compromised?

user-pic

their CFO says, "We recognize and feel badly about the inconvenience this is going to cause consumers."

Well, that's OK, then. As long as he feels badly. I'll sleep better tonight knowing that he probably felt so horrible he skipped the pâté at lunch today.

Now if he was all smug about it, THAT would be totally unacceptable.

/President Obama, do you have room on your agenda for these world class sphincters?

user-pic

This is so scary and frustrating. I'm just about to graduate college and I'm constantly afraid that my credit is going to be compromised before I even get started! And most people I know in college never ever use cash. We either charge to our student accounts, or we pay with credit/debit because free ATMs for most of our banks are not readily accessible. It is also much easier to keep up with tons of small purchases through your bank statements, and budget that way.

I agree with the chicken and jam guy. Do you think my local restaurants will accept cowrie shells?

user-pic

@lostsynapse: If you need in-house counsel, look me up!

user-pic

@aliasmisskat: You should contact the issuer of your card. The processor is not gonna talk to a consumer.

user-pic

Having someone hit my car is an unfortunate incident, having my credit card info stolen is downright negligent.

Because no addresses, SSNs or PINs were stolen, the prospect of full-blown identity theft is pretty small.

The thieves were smart enough to steal 100 million numbers, they just might be smart enough to figure out more with that info.

user-pic

@dollywould: @lostsynapse: Wow, I read that as Cock Jam at first and... yeah, my brain needs a shower.

user-pic

"Baldwin said it would be unfair to mention any one of his company's customers".

But it's fair to say that you don't give a damn about consumers...cuz hey, we can't touch you anyway.

user-pic

@TonyEuryale: But Obama was sworn in today. It's all supposed to be magically better!

/sarcasm

user-pic

I found out last week when logging on to my Chase Mastercard to make a payment that my card had been shut down for suspected fraudulent activity. Going by the fact that the person trying to use my card was unable to provide my address, I'm wondering if I am indeed a victim of Heartland (gee, what a wholesome-sounding name) and their crackerjack security systems. Of course, I have no way of knowing for sure since they won't release the names of the companies they are affiliated with.

(The treatment I received from Chase about this is worthy of a Consumerist post all its own...)

user-pic

@Applekid: until your chickens are compromised by turkeys!

user-pic

@nsv: He can't "feel badly" about something. He can feel *something* badly. Like if he's bad at feeling fruit to see if it's ripe. He *can* "feel bad" about the inconvenience. But he didn't say that, and I don't really think he does.

Sorry. Pet peeve.

user-pic

"40 percent of transactions the company processes are from small to mid-sized restaurants across the country"

That seems like such a random metric, until you realize that basically puts everyone in the entire country at risk, since they're so unwilling to release actual business names.

I just realized the other day that I need a new credit card, because I still use my first and only one all the time and once it gets lost or stolen, that's quite a few years knocked off my credit history.

user-pic

It'd be nice if they did release business names...

user-pic

@lostsynapse: you can't dooooo that. Cock is slang for rooster, and we all know roosters are animals. And well, I'm sorry but that comes too close to my corporation "Monster Fables" (we make overly priced children books) because a Monster is an animal too. Unless of course you are willing to rent a license for the name Jam Cock, in which you will pay us 80% of the revenue and we will donate 1% of it to "Rehabilitating Criminal Crack Whores Foundation" or "The Quadriplegic Dog Fund" your choice

user-pic

I'm sure their CFO only "feels bad" that anyone found out. I highly doubt he'll give a rat's ass when fraudulent charges start showing up on everyone's credit cards.

What a lovely attitude.

Maybe a few million of us should get together, form a club and purposely charge things to each other's credit cards and then we'll see how easily this gets shrugged off when the credit-card companies are out a few hundred-million bucks.

user-pic

Happened to me. Ate out at a local buffet the other night, card got canceled the next day. I'm glad my bank caught the fraud, but pissed these morons are so weak about protecting their systems!

user-pic

"...no one will ever really know." ...or be able to (legally) prove any responsibility lies with us.

Wow!! How do I get into this business, where I don't have to fully disclose whose information was stolen FROM MY COMPANY, and where and when because it "would be unfair to mention" that kind of information.

user-pic

@parad0x360: to be fair, i don't think it's the companies' fault at all (other than they chose to contract with this processor) - the source of this breach seems to be entirely on heartland's side.

considering the size of the breach thus far, i think everyone needs to make the assumption that any card they've used within the last year has been compromised. keep an eye on your statements & report any fraudulent activity to your card issuer. you are protected under federal law & thru card policies (such as visa's "zero tolerance").

user-pic

@renegadebarista: interesting. let me ask you: 1) are you in contract? 2) have you spoken with a lawyer concerning whether this event constitutes a breach of agreement?

i would think it does, but since heartland services a lot of small & mid-size businesses, i'm going to assume that they're gonna be hardasses about moving on. i'd like to know more if you have the time...

user-pic

@renegadebarista: & frustrating as a card issuer! we reissued our entire debit cardstock - over 1000 cards 2 weeks before christmas b/c fraudulent activity was getting worse each day.

not only did that turn into a huge clusterf*** (mass reorder during the time when cards are most used), but i'm still dealing with the ramifications (reduction in card usage, people forgetting their new PINs, losing their new cards, not activating their new cards, etc.).

i've been working on this since 12/06/08 & it's monopolized my time at work for the last 6 weeks (which means all the other crap i have to do has been building up).

& that's just me - 1 person at 1 institution. think of all the time, energy & money being wasted on their negligence.

i feel your pain - GL!

user-pic

I'm another one waiting on a new debit card. It's my credit union's policy to cancel the debit cards as soon as they hear and then issue replacement cards ASAP. Unfortunately, their definition of ASAP isn't the same as mine. So after the Hannaford deal, I added a bank so that we'd have different bank debit cards just in case.

I only use our debit cards at two area gas stations, so I know it was one of them. My banks will only tell me that they canceled the debit cards because of the Heartland breach and that new cards are being issued.

Personally, this is getting to be ridiculous. Two years ago, it was TJ Maxx. Last year, around the same time, I had to wait for a replacement after the Hannaford deal. Now it's Heartland. What's next?

I rarely use my debit card anymore because I'm sick to death of having to make it to the bank during their hours to get cash when another company's screw-up leaves me without a debit card for a couple weeks.

With Hannaford, they said it was malware that was on their computer. Same with Heartland. Do these companies NOT have security measurements? Before any company processes a debit card, credit card or check, they should have to prove they have a quality virus/malware program installed, updating regularly and running properly. There's really no excuse.

user-pic

@Ryan Gard: Per my credit union, they said all they could tell me was that Heartland does the processing for a lot of convenience stores in this area. As I only use my affected debit card at one of two gas stations in town, I know it is a gas station in my case.

user-pic

@dollywould: Works for me. I'll take layer hens, whole grains & organic produce as payments for my business.

Thus far, no one has taken me up on alternative payment strategies.

user-pic

@Ryan Gard: If they released business names, reactionaries & people who don't understand how third party processing works would boycott those businesses. And that's not fair to small business people -- most of them are ethical and care about their customers, they certainly didn't want their card processor to foul up this way.

A bigger problem is that Heartland isn't contacting the businesses directly so that they can contact their customers or give out warnings.

user-pic

Hey Chris, what's with the over-sensationalist headline?
"May Affect Over 100 Million" seems misleading when the article specifies 100 million transactions. The headline implies people.

No need for that.

user-pic

@Gtmac: That's why it says "May" and not "Definitely".

user-pic

@Kos: I got a letter in the mail talking about the breach. I called to see if I could get some information and they couldn't tell me anything, so it seems the banks are in the dark about what is going on as well... at least their employees are.

My question is, why are companies like Heartland not being held responsible by the banks and issuers of credit/debit cards? How much money are these companies going to have to shell out for new cards for everyone? Then there is the issue of trusting this company once more with our information...

Granted, I have no love for banks, but mine is a small local bank run by good people who used to give loans with a handshake.

user-pic

Well, that explains it. Brother, myself, husband, parents and some people at work all had breaches last year. All issued new cards.

I feel so much safer now that the CEO apologized. /s