Frequently Asked Questions

  1. What types of data were compromised in the breach during 2008?
    During the week of January 12, 2009 we learned we were the victim of a security breach within our processing system during 2008. Potentially exposed through this breach are card numbers, expiration dates and other data from the card’s magnetic stripe. In a small percentage of cases, the cardholder name of your customers who used a credit or debit card in your store during part of 2008 may also have been exposed. We are continuing to investigate the incident with the help of forensic experts. We also are working with law enforcement authorities to help apprehend the criminals responsible for this breach.
  2. How many cardholder account numbers were compromised in the breach during 2008?
    At this time, Heartland does not know how many cardholder account numbers were at risk of having been compromised. The investigation by forensic auditors is still underway, and we simply do not have that information. The media reports of numbers of potentially compromised accounts have been speculative.
  3. How did we learn about the breach?
    After being alerted by Visa® and MasterCard® of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Malicious software was discovered that potentially enabled data to be compromised as it crossed Heartland's network.
  4. Is the breach contained?
    We believe the breach is contained.
  5. Was merchant data compromised?
    No merchant data was impacted.
  6. Who did this?
    We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.
  7. What should cardholders know?
    Heartland regrets any inconvenience this situation has caused. Heartland advises cardholders to examine their monthly statements closely and report promptly any suspicious activity to their card issuers. Cardholders are not responsible for unauthorized fraudulent charges made by third parties that are reported in a timely way to the card issuer.
  8. How do I know if my card account information has been misused?
    Closely examine your monthly credit card and bank statements and immediately report suspicious activity to the financial institution that issued your card. We understand the card brands are notifying issuing banks of those account numbers they consider to have been placed at risk of compromise in the breach.

    You should always check your statements. Look for suspicious charges from telemarketers, free-subscriptions that auto-debit your account once the free trial expires, inaccurate charges by retailers, purchases made by family members and any charge you are not confident you authorized.
  9. My bank contacted me and said "Heartland’s records show my card was likely compromised." Is that true?
    Heartland Payment Systems has not confirmed the compromise of any particular card data. Any notification to you that Heartland has provided this kind of information — either directly or implied — is not accurate.
  10. Will I be charged for any losses?
    No. You are not responsible for any counterfeit fraudulent charges made by third parties that are reported in a timely way to the card issuer. Report any suspicious activity to your card issuer, and your claim will be investigated.
  11. Should I order a credit report?
    If you would like, you can order your free credit report at www.annualcreditreport.com.
  12. Why did Heartland disclose the breach on Inauguration Day?
    We recognize there was competing news on Inauguration Day, but in the interest of transparency, we wanted to get this information to cardholders as soon as possible.
  13. Were Heartland's other processing platforms affected?
    None of Heartland's check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms were involved.
  14. What are we doing to further secure our systems?
    Heartland immediately took a number of steps to further secure its systems. In addition, Heartland will implement a next-generation program designed to flag network anomalies in real-time and enable law enforcement to expeditiously apprehend cyber criminals. Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective.
  15. Whom should I contact if I have additional questions?
    If you have further questions, please call us toll-free at 1.866.399.6228 or email us at 2008breach@e-hps.com. A Heartland representative will be happy to answer your questions.