Online Security Breach Puts Millions at Risk

By Melissa Maynarich, NEWS 9

OKLAHOMA CITY -- Millions of people with debit and credit cards had their information compromised, possibly resulting in the largest data breach ever reported.

Many Oklahomans have received a letter in the mail from their bank explaining that there's been a data compromise. Many times, banks are cancelling debit and credit cards, and sending customers new ones.

Jessica Spires often checks her Chase bank account statement online, but in the last week she's come across several small, but fraudulent transactions.

"I saw all these little charges for $2.95, $3.95, $5.95 and it all said Acai XO Fat Burner," Spires said. "I've never ordered anything like that before."

Spires could be one of the countless victims in a large scheme, targeting anyone who used a Visa or Mastercard in 2008 at a business that uses Heartland Payment Systems to process transactions.

"Heartland payment systems is a large processor," said Oklahoma Banker's Association CEO Roger Beverage. "It does a lot of business with small to medium-size businesses, primarily that are customers of banks."

In the data breach, fraudsters did not recover social security numbers, addresses, phone numbers or pins, but they did account numbers, names, and in some cases, expiration dates.

"This was a very sophisticated piece of software that got by some very, very though security firewalls in our own system," said Heartland spokesperson Jason Maloni. "It looks to be something very serious."

Data breaches do not always lead to fraudulent activity on an account. Without a three digit security code on the back of the card, transactions in many cases are impossible.

Learn how you can protect yourself from online fraud.

Beverage advises people to check statements, understand the $5.95 and whether that's legitimate. If it isn't a recognized charge, Beverage urges people to call their banks and report the charge.

Jessica contacted her bank for reimbursement, and received a new card.

She continued to check her account more frequently to make sure she's not wrongfully charged again.

"You just don't plan on anything like that happening," Spires said. "It could have been worse charges, too."

Heartland Payment Systems said they apologize for any inconvenience, and have already taken steps to strengthen security.

Read Heartland's statement following the security breach.

The Oklahoma Banker's Association said, some of the local banks affected are MidFirst, Bank of Oklahoma, BancFirst, Stillwater National Bank and Chase.