Heartland credit card security breach

Dear Student:

The Contra Costa Community College District (CCCCD) recently learned that a company they use to process credit and debit card transactions has been affected by a security breach. The company, Heartland Payment Systems, is one of the largest payment card processors in the United States, handling approximately 100 million transactions each month for 250,000 different merchants. If you have used a credit or debit card to make purchases at any of the district's three colleges, your credit or debit card account information may have been exposed to the Heartland breach.

  1. What purchases at CCCCD are affected?
    Online fee payments, telephone fee payments, and purchases at the college bookstores are all processed by Heartland Payment Systems.
  2. What information was stolen from Heartland?
    Thieves were able to steal card numbers, card expiration dates, card CVV numbers (the three-digit code on the signature strip on the back of your card) and cardholder names. This is enough information to produce a duplicate card to charge purchases to your account.
  3. Was my address or Social Security Number compromised?
    NO. Addresses, Social Security Numbers, telephone numbers, and debit card PIN codes were not compromised. Note: without the cardholder's billing address, it would be difficult for the thieves to make online or telephone purchases, since most merchants verify the cardholder's billing address for such transactions.
  4. Do I need to worry about identity theft? Will the thieves try to open new accounts or loans in my name?
    The Heartland breach only exposes the card account details for specific credit or debit cards processed through Heartland Payment Systems. Since your address and social security number were not compromised, the Heartland breach does not increase your risk of identity theft.
  5. When did the Heartland breach occur?
    Throughout 2008.
  6. What should I do now?
    Watch your credit and debit card statements for any transactions you did not authorize. You will not be responsible for any fraudulent charges; you should contact your card issuer at the telephone number on the back of your card to report any unauthorized activity on your monthly statements.
  7. What about my Insite account?
    The Heartland breach occurred within the internal systems of Heartland Payment Systems, a company CCCCD uses to process credit and debit card transactions. There has been no breach within CCCCD systems; Insite and all other CCCCD systems are not affected by this incident.
  8. How can I get more information about the Heartland breach?
    Heartland Payment Systems has set up a special website to share information about the breach.