Chances are BofA doesn’t know what happened either.

When data breaches happen, the processor/acquirer reports the breach directly to the networks, in this case, VISA. VISA then issues out a memo to every financial institution that had issued the cards which was in the data breach. All what BofA is doing is following standard protocol from VISA: "Dump away the cards immediately and issue new ones ASAP; we'll explain it in detail later as we investigate so that you can explain to your customers what happened if you want to do so."

Every minute counts because once a data breach happens, all it takes is a hacker clicking a mouse and it's all over the internet for others to exploit. There is no time to waste to call everyone and explain. It's faster to dump away the cards that have been breached and issue new ones.

I've had this happen to my Citi issued cards in the past as well. One hour I would be able to use it at a gas station, the next hour, the card is rejected at the grocery store. When I log online, I see my card cancelled and a new one that reads: "A new card was sent out to you. Please activate once you receive it."

Yes, it's a bit of a PITA, but if you want someone to blame, blame the hackers who did the data breach.


And if you really want something to know, it's always a good idea to have the "receive important text message alerts" option ticked on. That way, when stuff like this happens, it's easier for the banks to let you know instantaneously and mass mail out a text message to everyone that a card has been breached.


And with regards to the credit report, don't worry about it. Nothing negative is going to hit you.