PORTLAND, Maine — Maine credit and debit card holders appear to be among the victims of a data theft against Heartland Payment Systems Inc., the nation’s sixth-largest payment processor.
Several Maine credit unions have been told by Visa and MasterCard that fraudulent charges were placed on members’ cards between mid-May and mid-August last year, said Jon Paradise, spokesman for the Maine Credit Union League.
Heartland Payment, which is based in Princeton, N.J., and processes cards for 250,000 business nationwide, revealed this week that its system was breached last year. The company said an undetermined number of card numbers and cardholders’ names were captured, but not Social Security or personal identification numbers.
In Maine, 500 or so Visa credit and debit cards issued by PeoplesChoice Credit Union in Saco might have been compromised by the data breach, said Luke Labbe, president and CEO. He said 50 or 60 customers had fraudulent charges on their cards.
The credit union had noticed a pattern in which small charges were being rung up at gas stations in the South followed by a $500 or so charge at a nearby Wal-Mart, Labbe said.
“We’ve been experiencing losses since October,” he said. “We couldn’t figure out where they were coming from.”
Kennebunk Savings Bank, which has 7,000 MasterCard accounts that potentially could have been compromised, decided Wednesday that it will send new cards to customers, although it had not received any reports of misused cards or detected fraudulent charges.
“Usually, we pick up that before customers do,” said Brad Paige, president and CEO.
TD Banknorth and Bangor Savings Bank, two of the state’s largest banks, said they’re waiting for more information to assess the level of risk to their customers.
TD Banknorth said it has determined that some debit and credit card customers are affected, and is working with Visa and other agencies in the preliminary stages of an investigation. Bangor Savings said it has not detected any problems so far.
This is the third time in the past two years that Maine banks and credit unions have had to deal with a major data theft incident.
In January 2007, TJX Cos. — the parent company of retailers T.J. Maxx and Marshall’s — reported a data breach costing Maine institutions $500,000. Last year, a breach in the system operated by the Hannaford supermarket chain cost $1.6 million.