Benson Bolling, vice president of lending at the Alabama Credit Union in Tuscaloosa, said Friday that officials there had understood the breach to be a new one based on the alerts sent out by Visa - but couldn't say that for sure. According to Bolling, the credit union, which on Feb. 17 and updated it two days later, was informed by Visa of a "big breach" shortly after getting the word about the intrusion at Heartland.

The identifying number that was used in the so-called Compromised Account Management System alert issued by Visa appeared to suggest a new breach, because it was different from those used in previous CAMS notices, Bolling said. It was his understanding, he added, that CAMS alerts related to a previous breach would use the same identifier as the original notifications.

Almost 50% of the issued by the ACU have been affected between the Heartland breach and the compromises detailed by Visa in the latest CAMS alert, Bolling said, without disclosing the number of compromised cards.

The Pennsylvania Credit Union Association also issued an advisory, dated Feb. 13, in which it described the recent alerts from Visa and MasterCard as being related to a new breach. "As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor," the PCUA said. The advisory appears to have since been removed from the association's Web site, but a can be found via the Google search engine.

An advisory posted by the in Alabama also indicated that "another" payment processor had been breached and said that the compromise involved so-called card-not-present transactions, such as those made online or via the phone. Tuscaloosa VA noted that the "window of exposure" provided by both Visa and MasterCard was from February 2008 to this January. And like the PCUA, the credit union said that because the affected payment processor had yet to publicly announce the breach, Visa and MasterCard were unable to identify it.