Back in 2008, Heartland Payment Systems, a credit card payment processing center, suffered a data breach that exposed an estimated 130 million credit and debit card accounts to hackers. While this event was certainly a big deal at the time, a more recent data breach of its payroll processing system may have even bigger consequences.
According to the company, a break-in at their offices resulted in the physical theft of computers that contained not only personal identifiable information like names, addresses, and Social Security numbers, but because the computers were part of their payroll processing department—where other businesses can contract with Heartland to handle the payroll for their employees—the information also contained bank account numbers for the affected consumers.
While Heartland’s official comment on the incident hasn’t indicated the type of computers involved, experts have cautioned that if the stolen items were laptops, the information should be safe. State law requires mobile devices that store PII on consumers to be encrypted; if the stolen items were desktop computers, though, that protection isn’t in place unless Heartland voluntarily chose to require password protection on the devices. There is always the chance that the thieves were after tech that can easily be cleaned out and sold, so it’s still possible that their goal wasn’t identity theft.
This is one of those incidents that will hopefully help consumers see the need for constant, vigilant monitoring of their own credit scores, financial accounts, and identities. Unlike credit card breaches where the credit card companies have their own built-in monitoring systems—like the kind that will send up a red flag if any suspicious activity occurs—and have the ability to simply cancel a credit card and issue a new account number, this issue affects a far more permanent system of Social Security numbers (collected for tax reporting, as this is a payroll processing company) and bank account numbers. That means their information may now be “out there” and available for any thief who wants to use it or any black market buyer who wants to pay for it.
While customers whose information was lost in the breach will be offered credit monitoring services, this is a good time remind even those consumers who were not impacted about the need for watching out. Make sure you’re carefully reading any statements that come to you, and be mindful of any suspicious activity. Remember to order your credit reports throughout the year—you’re entitled to one free report from each of the three reporting agencies in every 12-month period, so stagger them throughout the year to get a continuous look at your credit—and report anything that doesn’t seem right. If you have already been the victim of a data breach, be sure to take advantage of the credit monitoring that’s offered to you, and consider putting alerts and freezes on your credit reports in order to minimize the chances that a thief can use your identity to open new accounts.