We’re aware of the recent card data breach affecting a major retailer’s customers.
What Are We Doing?
We are monitoring the situation and working with VISA to determine if METRO cardholders are affected. We have also increased our normal fraud-protection surveillance to a higher level of scrutiny for our members' accounts to determine if any unusual transactions have occurred. We will take steps to alert all affected cardholders and reissue debit or credit cards to protect cardholders as soon as we receive notification.
Updated - 12/26/2013
In order to protect our members' accounts and the assets of the entire membership, we have had to block all affected cards as of 10:00 am December 24, 2013 PST. The Chula Vista Branch will be open on Saturday only to reissue new cards and Parkway Branch in El Cajon will of course be open for business as usual to assist affected members with new cards.
Updated - 12/30/2013
METRO received an updated report by VISA on additional compromised cards. Communication to those additional affected cardholders is in process. We advised members to continue to monitor their accounts and immediately report any suspcious activity by calling us at 619-297-4835.
Parkway Branch, 119 Fletcher Parkway, El Cajon | M, T, Th, F 9 – 5, W 10 - 5, Sat 9 -2 Metro Centre, 320 B Street, San Diego | M, T, Th, F 8:30 – 4, W 10 – 4, Closed Sat Chula Vista, 344 F Street, Chula Vista | M, T, Th, F 9 – 5, W 10 - 5, Sat 9-2
Christmas Eve - December 24
Tuesday|Closed at noon Christmas Day - December 25
Wednesday|Closed New Year's Eve - December 31 Tuesday|Closed at noon New Year's Day - January 1, 2014
What should METRO Members do?
Several options are available to METRO members including monitoring monthly statements, account activity using homebanking, mobile banking or setting up homebanking account alerts.
If you suspect unauthorized activity on your account, please contact us immediately at 619-297-4835.
Updated 12/23/2013 ALERT:
We have been notified that further fraud attempts are being made to our members in the form of "phishing" - 1) Emails claiming to be from SDMCU (METRO), 2) Fraudulent calls to members whose card data may have been breached pretending to be a bank or credit union representative in order to get further data, 3) Websites and/or services claiming to resolve the issue on your behalf.
DO NOT GIVE OUT ANY DATA such as driver's license number, social security number, account or PIN number to anyone over the phone or through email. Call the Credit Union at our direct line: 619-297-4835 and report any suspicious attempt.
How did this happen?
The investigation is on-going. Security breaches often involve hacking into a company’s servers and making off with the data or through tampering with the machines customers use to swipe their cards when making purchases. Compromised card data for this breach is limited to cards used at the retailer's U.S. stores November 27 to December 15 and includes customer names, card numbers, expiration dates, encrypted PINs and CVV security codes.
How common are data breaches?
Very common, unfortunately. A 2007 security breach at T.J. Maxx resulted in the theft of card numbers and personal data for roughly 90 million customers. Worth noting in that case is that the original estimate was just 45.7 million affected customers — still enough to be the largest payment card security breach ever at the time. Federal prosecutors are also still investigating a group of security breaches that resulted in more than 160 million stolen credit and debit card numbers, from companies including J.C. Penney, 7-Eleven and JetBlue. A breach of Heartland Payment Systems in 2009 resulted in stolen data on more than 130 million cards.