BEAVERTON, Ore. (1/22/09)--Roughly 45% of card breach victims lose confidence in the safety of their financial accounts as a result of a data breach incident, according to a new study by Javelin Strategy & Research. Credit unions whose members' cards are affected by the Heartland Payment Systems breach, which was announced Tuesday, may need to provide greater member service with those members as a goodwill effort. In a down economy, criminals tend to be opportunistic and creative in their approaches to stealing identity information and depositing malware on computers, said Tom Wills, senior security analyst at Javelin. "More than ever, businesses must be vigilant and proactive in protecting their digital assets," he said. The latest breach is part of a trend of increased use of malicious malware, said Rich Mogull, founder of Securosis, an information technology security consultancy in SCMagazine.com (Jan. 20), a publication for security professionals. With Heartland, there's "now a very clear trend. If you look at the largest breaches that we can definitely link to fraud, all relate to malicious software being installed somewhere in the payment system," he added. In the Heartland breach, once consumers swiped their cards, "sniffer software" captured that data as Heartland sought authorization from the major payment companies and banks and credit unions. Customers of Visa, MasterCard, American Express and Discover Financial are all vulnerable, according to The New York Times (Jan. 21). "We have industry-leading encryption, but the data has to be unencrypted to request the information," Heartland President/Chief Financial Officer Robert H.B. Baldwin Jr. said. He said authorities believe the thieves may be part of an international ring of hackers introducing breaches at a number of financial institutions, he told the Times. The same method of hacking data was employed in other huge data breaches such as the January 2007 TJX Cos. discount retail chain breach, which comprised 90 million card numbers, and last year's Hannaford Bros. grocery chain breach. Both breaches and one of the now defunct CardSystem Solutions, which compromised 40 million accounts, affected many credit unions, which replaced thousands of members' compromised credit and debit cards. "Most corporations today are failing to put a proactive plan in place before a breach happens which has a direct impact on their bottom line through customer retention and reputation management," said Rich Kam, president of ID Experts, which is working with Javelin on research. "Having an incident response plan in place can minimize the impact of a breach, increase response times, and significantly decrease customer attrition rates," he said. The Identity Theft Resource Center reported recently that data breaches were up 47% in 2008, compared with 2007 breaches, which totaled 447.