PRINCETON, N.J. (2/26/09)--Costs related to the data breach of Princeton, N.J. Heartland Payment Systems will be significant, but the company still cannot estimate how many consumer accounts were compromised, Heartland said Tuesday. The number of financial institutions--including credit unions--that have said their member/customers' credit or debit cards were compromised because of the breach has reached more than 500 so far, according to bankinfosecurity.com (Feb. 23), which is tracking disclosures by financial institutions about the breach. Another estimate is that the breach compromised about eight million accounts, so far (Las Vegas Sun Feb. 25). "At this time, we do not have information that would enable us to reasonably estimate the amount of losses we might incur in connection of such claims" by cardholders, card issuers, the brands, regulators and others, said Heartland Chairman/CEO Robert Carr at a press conference announcing fourth quarter financials for the company. Heartland officials reported that despite the economy, net revenue for the quarter was up 31.3%, total transaction processing volume up 23% to $16.5 billion, and an operating margin on net revenue of 13.9%. Carr said the company has been named in numerous lawsuits and is the subject of several governmental investigations and inquiries. They include a formal inquiry by the Securities and Exchange Commission, a related investigation by the Department of Justice, and inquiries by the Office of the Comptroller of the Currency and the Federal Trade Commission (American Banker Feb. 25). "We intend to vigorously defend any such claims, and we believe we have meritorious defenses to those claims that have been asserted to date," he said in the press release. He also said Heartland faces a second challenge--managing the potential impact of the breach on day-to-day operations of its business. Heartland President and Chief Financial Officer Robert Baldwin noted that the company still cannot estimate how long the malicious software program that sniffed data from its system ran, how many card accounts were affected, or how much the company will have to spend related to the incident. The news conference came as word of a second card processor's breach was being made public (News Now Feb. 24). The company involved has not been identified by MasterCard and Visa, but it involves a number of credit unions, as did the Heartland breach. Meanwhile more credit unions and banks across the country were reporting the effects of the Heartland data breach this week. Several hundred accounts at Boulder Dam CU in Boulder City, Nev., are being reissued cards. The credit union told the Las Vegas Sun said that although the breach was at Heartland, the credit union is responsible for $1,000 to $2,000 stolen from members' accounts. Gold Coast FCU, West Palm Beach, Fla., told the Palm Beach Post (Feb. 24) that about 2,600 members are receiving new debit cards in the mail. That will cost about $13,000, at a cost of $3 to $5 per card, said the credit union. In Endicott, N.Y., Visions FCU took out a newspaper ad acknowledging that some members were affected by the breach and emphasizing that the credit union itself experienced no breach of internal security. The credit union, which has more than 90,000 credit and debit cards, will reissue credit cards to protect members whose accounts are compromised (pressconnects.com Feb. 25). The publication also reported that Horizons FCU, Binghamton, N.Y., had taken measures to protect its members. The credit union said nearly one-third of its card base has been breached over the past three or four weeks--about 1,400 accounts. It has cost Horizons $15,000 so far to cover fraudulent charges, issuing new cards will cost between $3,000 and $4,000. Thieves in different parts of the country are buying items such as gift cards with the stolen data, Horizons President Mario DiFulvio told Press & Sun-Bulletin Tuesday (via pressconnects.com.