A large data breach at an unidentified national business has prompted First National Bank of Omaha to reissue new debit cards to customers in seven states.
First National’s own security was not compromised in the incident, a spokesman said. Its connection to the breach is limited to customers who may have done business with the company that was the target of the attack, he said.
“We recently issued new debit cards across our seven-state service area to customers whose cards may have been compromised through a nationwide breach that has not yet been announced,” First National spokesman Kevin Langin told The World-Herald.
The Omaha-based bank has operations in Nebraska, Iowa, South Dakota, Kansas, Colorado, Texas and Illinois, and in a letter to customers explained that its routine fraud-monitoring efforts had determined those customers’ cards were at risk of being compromised because of the breach of an outside company.
“As a result of our reviews we have learned that potential exposure by a third party not associated with First National Bank may have caused your debit card to be at risk for possible unauthorized use or fraudulent activity,” said the letter, which was obtained by The World-Herald.
“The company affected, the card networks and investigators are still working to determine the extent of the exposure,” Langin said.
Citing the ongoing investigation, he wouldn’t say exactly how many customers were affected. Only debit cards are being reissued, not credit cards.
The FBI hasn’t issued a briefing on any such incident, a spokeswoman in the Omaha office said. The Secret Service in Washington also had nothing to report, a spokesman said. Both agencies said that doesn’t mean they’re not investigating an incident.
According to the Identity Theft Resource Center, a national group, there have been more than two data breaches every day this year, on average, at organizations including retail businesses, hotels, financial institutions, government agencies and universities. That rate is slightly lower than last year’s.
Langin said First National decided to reissue cards now “in an effort to prevent (customers) from having issues using their cards during the holiday season.”
Cardholders generally aren’t liable for unauthorized transactions made using compromised MasterCard or Visa cards, provided they alert the bank through which their card was issued. Discover and American Express also have similar fraud-protection programs.
First National is one of the top 15 issuers of credit and debit cards in the United States.
Langin said he expects the issue also will affect other banks. Large metro-area institutions, including Mutual of Omaha Bank, SAC Federal Credit Union, Wells Fargo, Pinnacle Bank and Great Western Bank, all said they were not yet aware of any such breaches.
A spokesman at payment processor TSYS Inc. said he was not aware of any ongoing, national breach investigations. First Data Corp. said it also was unaware of any national breach. The Atlanta-based payments processor, which processes almost half of all global card transactions each year, has major operations in Omaha.
Officials at Omaha-based Metro Credit Union said they expect their customers will not be affected by the breach referenced by First National because the organization replaced all of its customers’ credit and debit cards with new, more-secure chip cards earlier this year.
“All those old card numbers that thieves have won’t work, so we’re not seeing anything in terms of fraud since those cards are dead,” said Dean Bevirt, operational risk manager at Metro.
First National has said it will start issuing the chip-embedded debit cards early next year. When it comes to its approximately 3 million credit cards, First National already has reissued chip cards to more than half.
The chip cards are more secure than traditional swipe cards because each transaction is transmitted as a unique code that is good only for that particular transaction. That compares with swipe cards, which use the same data over and over.
High-profile compromises at retailers including Target and Home Depot resulted in hackers stealing almost 100 million credit card numbers in addition to other customer information in 2014 and 2013.
More recently, the federal Office of Personnel Management in July announced the compromise of sensitive data including Social Security numbers for 21.5 million current and former employees.
Through Oct. 27, the Identity Theft Resource Center has identified 629 breaches of data this year that have involved more than 175.6 million records. The number of breaches is down slightly from the same period last year, in which the nonprofit advocacy organization tracked 643 such breaches.
Contact the writer: 402-444-1534, firstname.lastname@example.org