AUGUSTA -- Kennebec Savings Bank has informed 1,500 customers their debit card numbers may have been compromised in a security breach.

Bank officials blamed the breach on credit card companies' failure to police the merchants that use their cards.

The breach was reported to bank officials by MasterCard.

Mark Johnston, bank president and CEO, said customers have been asked to monitor their checking accounts and contact the bank if they see any suspicious activity.

"It's another one of these situations where possibly, maybe, there appears to be data intrusion," Johnston said Friday. "We have very little information at this point whether it is a processor or merchant. There were approximately 1,500 (bank customers) possibly impacted by this possible intrusion."

He said the bank is not currently planning to automatically reissue debit cards because there has not been any sign that fraud has actually occurred on bank accounts, because of the major inconvenience to customers, and because of the huge expense for the bank itself.

If customers are uneasy, he said the bank will send them a new card.

"This isn't the fault of the cardholder or the bank," he said. "Some merchant or processor didn't have the appropriate security measures on their equipment to prevent this."

He said his bank has multiple security measures in place to prevent a breach because security breaches are costly for banks and credit unions. Mailings to inform customers and send out new cards also are expensive.

"None of us have done anything wrong," he said. "Unfortunately, it's the way it's going to be until Visa and MasterCard put requirements in place with penalties severe enough that merchants aren't keeping the data and, if they are, have appropriate lockdowns so no one can get any of it."

The cost of replacing credit and debit cards that were compromised by the breach of Hannaford Bros. computer security will run into millions of dollars for Maine banks and credit unions, and those institutions likely will have no choice but to bear the cost.

Data belonging to customers of Hannaford Bros. was breached in March 2008.

In that incident, some 1,800 unauthorized charges were made on customer cards from December 2007 through March 2008, with the identities of 4.2 million customers potentially exposed to fraud.

Banks took much of the brunt of that security failure, as the cost of reissuing debit and credit cards is at the expense of the financial institution.

One bank executive at the time said the cost to issue about 14,000 new cards to customers -- including administrative time, mailings to customers and the cards themselves -- was about $10 to $12 per card in the Hannaford case.

Mechele Cooper -- 623-3811, ext. 408

mcooper@centralmaine.com