Eagle Bank cancels payment cards over merchant breach


Massachusetts-based Eagle Bank had to cancel customer debit cards after learning that an unnamed US merchant had its network penetrated for eight months.

The bank learned about the breach from payment-tech provider MasterCard. According to Eagle Bank’s letter to affected individuals, a US merchant breach may have exposed its customers’ MasterCard debit card data.

Attackers may have roamed the merchants’ network for eight months between late June 2023 and late February 2024. The intrusion, Eagle Bank said, may have affected MasterCard account numbers and account details.

“As a precaution, we will be terminating your existing debit card and issuing you a new one,” the bank said.

Eagle Bank stressed that the attack only affected a merchant and did not impact the bank's security or any of its systems.

Exposing payment card data poses severe risks to users whose data was revealed.

Malicious actors can use the information to make unauthorized payments and drain the victim’s funds. Moreover, attackers may try to mask their illicit activities using stolen card details.

Individuals whose data may have been impacted are advised to stay vigilant for up to 24 months and monitor their account statements for irregular transactions.