Card data breaches are announced by the card associations (Visa, Mastercard, Discover, AmEX, etc.). They typically don’t name the merchant (or merchant processor) who was breached. If the merchant deems the breach was serious enough to divulge that a breach occurred, they will announce it. Sometimes, Coastal learns of the merchant as the announcement is being made. Sometimes, we don’t. There is currently no federal or state law that requires a card association to name the merchant that was breached nor is there a law requiring the merchant to announce they have been breached.
If Coastal learns of the merchant that was breached, we will advise our members as we re-issue their cards or sooner.