A widespread security breach disclosed by a U.S. credit card transaction processor has prompted Canadian Tire to cancel and re-issue 16,000 Mastercard credit cards issued by its financial services arm over security concerns, a company spokeswoman said.
Late last week, Heartland Payment Systems (NYSE: HPY)said it had closed a security hole in its computer network that may have exposed shoppers to one of the biggest data breaches on record.
Shortly afterward, Canadian Tire (TSX: CTC) launched an investigation of its own, said spokeswoman Lisa Gibson.
"The breach actually happened with Heartland," Gibson said.
"What we started to do was…call the cardholders and actually share the information with them and then cancel their card, and re-issue them a secure card."
Any card that was used in the U.S. during a specific period of time was deemed to be at risk, said Gibson, whose own personal card was affected.
Canadian Tire Financial Services manages the country's second-largest MasterCard franchise, with more than five million accounts. The number of cards affected represents a very small percentage of the total number of cards issued by the retailer, Gibson said.
"Having said that, obviously we wanted to take it seriously, which is why we cancelled the cards."
Cardholders whose cards have been cancelled can expect a replacement within seven to 10 days of the cancellation, she added.
Robert Greer, 50, received an automated phone message about the card held by his mother, who's vacationing in Florida. He said he made several calls to Canadian Tire, but remains less than satisfied with how his situation was handled.
"What I was trying to find out is what personal information people may have gotten other than the card," said Greer, who lives outside Huntsville, Ont no fax payday loans., north of Toronto.
"They wouldn't say."
Greer described his efforts to learn more about the breach as a “fascinating process," but also said he understands why there'd be a reluctance to release much information.
"They're in business, they don't want to tell customers they've had a big breach of their security," he said.
Heartland has released little information about which merchants in the U.S. were affected by the breach, but a number of other credit-card issuers were also impacted, including Visa, Gibson said.
In a statement issued last week, MasterCard said it was monitoring developments related to the breach.
"If cardholders are concerned about their individual account, they should contact their issuing financial institution," the statement said, adding most cardholders are protected by so-called “zero liability" rules.
"In most instances a cardholder will not be liable for unauthorized transactions on his or her account."
Mastercard has refused to comment further, citing an ongoing investigation. Heartland president and chief financial officer Robert Baldwin said the company immediately notified U.S. law enforcement officials after learning of the breach.
Heartland processes 100 million payments a month, but it's not yet clear how many people's information was compromised by the leak, which occurred in 2008.
The company has said its Canadian operations were not affected by the security breach.
16:38ET 29-01-09
Source