Credit card data breached at unnamed payment processor

Credit unions are reporting that consumer credit and debit accounts were exposed in a breach at a payment processor but the name is being withheld during the forensic investigation.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Another U.S. payment processor has suffered a database breach that exposed credit card and debit card information, according to several credit unions. The name of the payment processor has not been released and it is unclear how many consumers are affected.

Blog site DataBreaches.net has been tracking the reports here and here.

Community Bankers Association said in a statement on its site two weeks ago that Visa announced that an unnamed processor reported a data breach and that the name of the processor was being withheld pending completing of a forensic investigation.

The breach appears to have affected fewer account holders than were affected by a breach reported by Heartland Payment Systems last month, but represents a "significant number nonetheless," the statement said. "According to VISA officials, the breach affected all card brands. Evidence indicates that the account number, PAN and expiration dates were stolen."

The Tuscaloosa Virginia Credit Union posted a statement on its site that said malicious software was placed on the processor's system but there is no evidence that accounts were viewed or data taken by hackers.

The Pennsylvania Credit Union Association also issued a statement, as did the Alabama Credit Union, which said it was limiting Visa ATM and debit card purchases to $99 per day as a result of the breach.

Credit card and debit card users are encouraged to monitor their statements carefully.

The incident is the latest in a string of breaches at payment processors, including one at RBS WorldPay last year that enabled scammers to clone cards and withdraw millions of dollars from bank accounts.