Credit card processor suffers major data breach

By Mel Duvall

Payments processor Heartland Payment Systems disclosed this week that it has suffered a security breach that could potentially expose millions of credit and debit cardholders to the risk of fraud.

The full extent of the breach was not yet known, but it has the potential to become one of the biggest data compromises reported to date.

"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," Heartland President and CEO Robert Baldwin said in a statement. "We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."

{sidebar id=8}

Heartland became aware of the intrusion after being alerted by credit card companies Visa and MasterCard of suspicious activity surrounding processed card transactions. Heartland brought in forensic auditors to investigate the activity and uncovered malicious software that had compromised its network.

Heartland said merchant data and cardholder social security numbers were not compromised, however, it is believed the intruders were able to obtain card numbers, expiration dates and possibly cardholder names.

Heartland acts as a payment processor between companies, banks and the credit card issuers. The sniffer software on the company's network was able to capture the data after consumers swiped their cards in stores or businesses and the information was passed through to Heartland's system for transaction approval.

It will take time before the full extent of the breach is known. Heartland handles payment processing for more than 250,000 businesses across the country and processes some 100 million transactions each month. But the breach could become one of the largest reported to date and rival the breach at TJX Companies in 2007 which operates a number of retail chains.

Heartland said it was taking immediate steps to fortify its network security, including implementing a "next-generation program designed to flag network anomalies in real-time."

Enjoyed the article?

Sign-up for our free newsletter to kick off your day with the latest technology insights, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.

E-mail address

Rate this blog entry:
Mike Gaudreau has not set their biography yet