There has been a widespread problem in US banks regarding debit card information and many customers are at risk. Six financial institutions, including Mainstreet Bank, Savers Bank, The Village Bank, Watertown Savings Bank, Webster Five Cents Savings Bank and Eagle Bank have had their debit card security compromised following a security breach of a merchant’s payment card platform.
This is an issue that is occurring more and more every day, with affected customers growing in numbers with every hack. This is why the financial institutions filed a report with the Massachusetts state government to inform the public and try to get ahead of the problem.
Statements have been released, and a copy of a notice sent to Eagle Bank customers was recently posted on the government site explaining the reasons for the fallout, an unnamed Mastercard merchant allowed unauthorized access to bank account information, compromising the security of the information of users. The Village Bank and Savers Bank confirmed the information by posting their own notices and letters to their customers appraising them of the situation.
In the Savers statement affected customers can read “We have been notified by MasterCard International of a suspected security breach of a merchant’s network, transactions that may have compromised some of Savers Bank’s debit card numbers. We have not had any evidence of fraudulent activity, however, for your account protection; we are reissuing all affected cards. You will be receiving a new debit card ordered on October 29, 2024.”
Officials at the institution, as well as officials at Eagle, have reassured customers that they will be sent replacement debit cards automatically, with no need of any extra reporting or justification to avoid the spread of fraudulent charges to the compromised cards.
Webster Five Cents Savings Bank has also joined in issuing mandatory new debit cards but seems to have reported fewer details of the breach to its customers, ostensibly to avoid unnecessary panic at this early stage. “It was recently reported to us that your Webster Five debit card number may have been compromised.
$725 Stimulus Payment in California: Here’s What You Need to Know to Qualify
To avoid any possible unauthorized use of your card, we have issued you a new debit card which will be arriving in the mail in 7-10 business days. […] It’s important to review your statements as soon as they arrive for any unusual transactions. If you discover that your card has been misused, please notify us immediately so we may close your card and work with you to file a dispute. You are not liable for unauthorized debit card transactions if we hear from you within 60 days after we sent the first statement on which the problem or error appeared.”
Watertown Savings Bank is using a more conservative approach by asking customers to be vigilant and only issuing new cards upon request. This may be a good idea to avoid panic, but in the long term may be counter productive as panicked individuals whose information has not been compromised may ask for a new card out of an abundance of caution. In their statement they reflect.
“The breach included the capture of some of your personal information, such as your name and card number…we do ask that you remain vigilant on monitoring your account activity for the next 12 to 24 months and report any unusual or suspicious activity immediately. If you prefer that we issue a new card please contact the bank.”
Mainstreet had a bit more information revealing the dates of the breach, “June 28, 2023 through April 26, 2024” and the type of information obtained by the attackers, which included personally identifiable or protected data. They are also using the conservative approach of not automatically replacing the affected debit cards but offering replacements to those who wish to order one.
As they said “We have reason to believe that some of our customers may have had their card data compromised (which could include card names, numbers, and card expiration dates) in the incident. At this time, we have no reason or evidence to believe that an unauthorized individual retrieved any personal information such as Social Security Numbers or Main Street Bank account numbers.”