At least 135 banks and credit unions are reporting that their customer credit and debit cards were among those breached by intruders who hacked Heartland Payment Services last year.

The Independent Community Bankers of America association (ICBA) conducted a survey of its members to determine how many were notified by Heartland after the company disclosed on January 20th that hackers had breached its authentication system months earlier and obtained customer card account numbers and expiration dates, as well as an unspecified number of customer names.

Heartland acts as a middleman for authenticating and processing credit and debit card transactions between commercial entities — such as restaurants and retail outlets — and the financial institutions that issue the credit and debit cards to customers.

Heartland said it first learned of a possible breach in late October after Visa and MasterCard contacted it about suspicious transactions that appeared to indicate fraud. It took the company until mid-January, however, to find evidence of the breach on its system.

See the full report at Wired.