USAA Credit Card fraud - breach, or another payment processor?

[security curmudgeon <jericho () attrition org>]

Earlier this year, Heartland was compromised as most of the civilized 
world knows. Since they were a payment processor, the impact was huge and 
over 650 institutions were affected [1]. One of these institutions was 
USAA [2], who verified to me via a phone call that my card being re-issued 
earlier this year was due to Heartland.

I know three other people affected by Heartland via USAA, one family 
member and two coworkers. Each of had our credit cards re-issued with new 
numbers and expiration dates (month and year).

Today, I found out that two coworkers both experienced fraud on their 
newly issued credit carts. The charges occurred in the last couple of 
days; one person had two charges on NFLSHOP.COM for 1104 and 1504, the 
other person had two charges listed as "USC ALUMNI ASSOC INTER" for 10 
dollars each.

It's difficult to write all of this off as coincidence. Is this a first 
sign of a new breach at USAA? A payment processor? Does anyone have more 
cases of fraudulent purchases on their USAA issued credit cards within the 
last 30 days?


[1] http://www.bankinfosecurity.com/articles.php?art_id=1502
[2] https://www.usaa.com/
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php