Heartland Payment Systems Security Breach: 100M at Risk

by Tina Kells | January 21, 2009 at 01:03 pm

Heartland Payment Systems, the sixth largest credit card payment processor in the United States, has suffered a security breach that could put as many as 100 million accounts at risk.

Heartland Payment Systems issued a press release exposing the identity theft on January 20.

Heartland Payment Systems processes credit card payments for a large number of small and medium-sized retailers and restaurants, broadening the reach of this huge security breach.

Heartland processes 100 million transactions per month. If each of those transactions is for a different credit card holder, the number of people impacted could be enormous.

The hacking appears to have been an inside job. The identity thieves are thought to have installed the software on Heartland's servers. Federal investigators identified the breach last week on the company's internal computer network.

Last month several credit card customers reported strange 25-cent transactions from Adele Services on their credit card statements. It is not known at this time whether those mystery transactions are related to the fraud, but if you see Adele Services on your statement, contact your credit card issuer right away.

Federal investigators determined the source of the breach only last week: spyware installed somewhere on the company’s internal network sniffed unencrypted credit card transactions as they passed through Heartland’s systems.

“Heartland believes the intrusion is [now] contained,” reads the press release.

Actual damage assessments are still in progress, and the real question is just how much data the malware was able to capture. Heartland CFO and president Robert Baldwin, in an interview with BankInfoSecurity.com, said his company was confident that the only data picked up was cardholders’ names and credit card numbers.

Baldwin would not speculate on the actual number of credit card accounts exposed. The company’s press release, however, could confirm that the breach had no effect on the company’s other services, which include payroll and check processing, micropayment solutions, and its “recently acquired” Network Services and Chockstone processing platforms. Similarly, cardholders’ addresses, PIN numbers, and other personal data were also unaffected.

The unknown hackers’ sniffers were able to pick up credit card numbers because the data is sent unencrypted over Heartland’s internal network, a policy that Baldwin justified as necessary “to get the authorization request out.”

Late last month, various blogs reported a number of mysterious, fraudulent sub-25-cent transactions appearing on readers’ and bloggers’ credit card statements, coming from a nonexistent company called “Adele Services”. While it appears these events are unrelated, some consider the timing suspicious.

Thomas Elliott

I am concerned because this should not have happened. Distribution of this type of info is prohibited by federal laws!
