Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Big Data / Heartland Cardholder Data Breached
Heartland Data on Cardholder Transactions Breached
Heartland Data on Cardholder Transactions Breached
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Heartland Payment Systems on Tuesday revealed it was the victim of a system security breach. The hack occurred in 2008, and Heartland believes the intrusion has been contained.

According to the company, no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach.

Robert H.B. Baldwin Jr., Heartland's president and CFO, said the company discovered suspicious activity last week and immediately notified federal law-enforcement officials as well as the payment card brands.

"We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice," Baldwin said.

250,000 Companies at Risk

Heartland delivers credit/debit/prepaid card processing, payroll, check management, and payments solutions to more than 250,000 business locations nationwide.

It discovered the breach after Visa and Mastercard reported suspicious activity surrounding processed card transactions. Heartland engaged forensic auditors to conduct an investigation that uncovered malicious software compromising data on Heartland's network.

Heartland said it immediately took steps to secure its systems. Heartland is also implementing a next-generation program designed to flag network anomalies in real time and enable law enforcement to apprehend cybercriminals.

"Heartland apologizes for any inconvenience this situation has caused," Baldwin said. "Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective."

An Expensive Attack

Michael Argast, a security analyst at Sophos, said the Heartland breach may not be as bad as it looks -- it may be worse. This is going to be a painfully expensive experience for Heartland, he said, because the costs don't stop at disclosure, lack of good faith with merchants, or regulatory penalties. The cost of securing Heartland's environment and fixing the data loss could run into the millions or even billions of dollars.

"Organizations like Heartland are under sustained, targeted attacks. Customer records typically sell for 50 cents to two dollars each on underground card-trading networks -- times millions of records, this represents significant revenue for the criminals who successfully compromise a high-value target," Argast said.

Although there is no such thing as a bulletproof database or perfect security, in this particular situation the problem was not the theft of a database, which may have been secure, Argast said. The data was intercepted in transit at a time it was unencrypted.

"Security is a process, not a product," Argast said. "In the case of banks and transaction-processing companies, they need to take a much stronger stance on securing their data due to the significant rise in targeted attacks."

Heartland has created a Web site -- -- to provide information about the incident to cardholders. advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers. Cardholders are not responsible for unauthorized fraudulent charges made by third parties.

Read more on: Hacker, Security, Cardholder
Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.