With customers shaking a collective fist at financial institutions of all stripes, the last thing banks needed was a massive customer data breach like January’s Heartland Payment Systems debacle.

But worse, bankers and other industry observers say, is that Heartland and other involved parties delayed alerting banks and haven’t done all they could to reassure nervous customers about the breach.

“I’m not mad at anybody over this – it happens, it’s going to happen again, but I think people could do a better job of getting out in front of it and letting the public know,” said Anthony Paciulli, president of Dorchester-based Meetinghouse Bank.

Heartland, a payment servicing company, announced on Jan. 20 it had suffered an enormous data breach, and that the personal information of potentially millions of consumers had been stolen. Media outlets and industry bloggers have since accused the company of waiting until Inauguration Day to make the announcement in an attempt to hide the problem.

 

If You Want It Done Right…

In any event, it’s the banks that have been alerting customers and making them financially whole again if they’ve been ripped off.

An incident like this only heaps more bad press on an already-troubled banking system, even though it isn’t the banks’ fault, Paciulli said: “It doesn’t exactly do a whole lot for our image.”

For its part, Meetinghouse Bank had 130 customers with compromised cards, all of which had to be reissued at $20 apiece, he said. The bank also lost $35,000 to the thieves, not to mention the countless employee hours spent handling the problem.

Joseph Vinard, president of Chelsea Bank, said he has a bone to pick with MasterCard in particular; the company didn’t move quickly to alert banks, he said, even though it was aware of a data problem.

When Chelsea Bank’s MasterCard-using customers’ accounts showed irregularities, bank employees noticed the problem and worked overtime to stop transactions, reissue cards and reimburse customers, only to find out about the scope of the problem weeks later, when Heartland made its announcement.

“It’s a sad state of affairs for MasterCard not to have the courage or business acumen to send a memo out to let us know to keep an eye out,” Vinard said.

 

Say Anything

Paciulli said it would help banks tremendously if Heartland and the credit card companies, as well as the Massachusetts Bankers Association (MBA), could actively get the word out to banking customers – via the media or direct statements to customers – to let people know the banks aren’t to blame.

Heartland is one of the MBA’s sponsored organizations. According to the group’s Web site, sponsored companies are promoted “as a way of realizing savings for [member] organizations.”

Peter Blanchard, executive director of education management and member services with the MBA, said the group won’t immediately take Heartland off that list – the MBA will wait until the issue has been fully investigated, and take a look at Heartland’s conduct when all the facts are in.

“We will have talks with them and determine what went wrong, and determine how culpable they were,” he said.

The association has also circulated updates among its members, he said, but it has to be careful about what it says during an event like this. The association can’t publicly announce where a leak came from until the company itself announces it.

“As for [the credit card companies and Heartland] notifying the banks, perhaps they could do a better job,” Blanchard said, and added that those companies are conducting their own investigation and have to proceed with caution about what they say and when.

 

Data Breach Begets Bankers’ Ire

by Banker & Tradesman