MADISON, Wis. (1/26/09)--Throughout the day Friday, media were reporting about credit unions whose members were among those whose accounts are impacted by the far-reaching data breach at Heartland Payment Systems. The Association of Vermont Credit Unions (AVCU) said that the breach has already affected 6,000 cards at credit unions on the association's ATM/debit card program, as well as thousands more at other Vermont credit unions (Newslines Express Jan. 23). AVCU said it learned of the developing breach from its processor on Jan. 9, more than a week before Heartland issued its press release on Inauguration Day. AVCU "immediately began passing along what we learned of the developing situation to credit unions. We also began working with CU CheckCard credit unions, our processor Fifth/Third Processing Solutions, and MasterCard to deactivate and reissue compromised cards. To date, the number of compromised CU CheckCards already stands at approximately 6,000," AVCU said. That compares with 6,500 CU CheckCards that were cancelled or reissued last year in the wake of a data breach at Hannaford Bros. groceries. In Dayton, Ohio, Wright-Patt CU was contacted Thursday by Heartland with names of affected cardholders at the $1.380 billion asset credit union. About 15% of the credit union's cardholders were affected, Wright-Patt Vice President Jeff Carpenter told Dayton Daily News (Jan. 23). Members who receive a new card will have two weeks to activate it before the old card is deactivated. Two weeks allows the credit union to balance reducing the financial risk to the credit union with giving cardholders who are out of town a chance to activate their cards, he said. Several Maine credit unions, who were hit hard by both the Hannaford Bros. and TJX Cos. breaches the past two years, were told by Visa and MasterCard that fraudulent charges were placed on members' cards between mid-May and mid-August last year, Jon Paradise, spokesman for the Maine Credit Union League, told Seacoastonline.com (Jan. 22). About 500 Visa credit and debit cards issued by PeoplesChoice CU, Saco, Maine, might have been compromised, said Luke Labbe, president/CEO, in the same article. He estimated that 50 to 60 members had fraudulent charges on their cards. The credit union had noticed a pattern of small charges at gas stations in the South followed by a larger charge of about $500 at a nearby Wal-Mart. Labbe said the credit union had been experiencing losses since October but didn't know where they were coming from. CU Community CU, Springfield, Mo., told local media the breach may have affected 350 members. So far, thieves have charged $11,000 through 16 cards, but the credit union prefers to play it safe and cancel and reissue new cards to avoid fraud risks (KY3.com Jan. 22). In Washington State, Boeing Employees' CU (BECU) had no spike in suspicious activity and it doesn't know yet if members are affected. However, another credit union, Washington State Employees CU confirmed some of its members are affected, but it doesn't know yet the extent and how many (Seattle Post-Intelligencer Jan. 23). And in Olympia, Wash., Thursday, lawmakers were discussing a bill to protect financial institutions from bearing the cost of such breaches. If a security breach involves 5,000 or more accounts, the third-party company that was breached would be required to reimburse the organization whose customers are affected. The bill also proposes that businesses not retain credit/debit card information on customers once the transaction is authorization.