Heartland data breach involves millions of customer transactions
Filed under: Banks, Credit, Fraud, Identity Theft
With all the earnest concern of a 2-year-old with milk on his chin, Heartland Payment Systems, a credit transaction processor for over 250,000 businesses, has reported a mighty considerable data breach. From its Princeton, NJ headquarters, Heartland has reported that investigators hired by the company have discovered malicious software which was intercepting transaction data as it was being sent to its in-house system for processing. The company considers the theft of customer names, card numbers and card expiration dates to be good news, as opposed to if data thieves had also harvested Social Security numbers and card holder addresses. Apparently, Heartland Payment Systems has formed the opinion that this data breach presents little in the way of an identity theft hazard.
A report from WashingtonPost.com, Security Fix, indicates that the security breach at Heartland initially occurred last year. The report also states that the U.S. Secret Service has been involved in the investigation. What the report cannot say is which of Heartland's many business clients may have had transaction data stolen. Evidently, it's Heartland's position that to start naming names would be unfair to clients whose transactions may not have been compromised.
At this point, consumers who may have been affected by this data theft may sit back and relax knowing that, for now, sitting back and relaxing is the only option that Heartland Payment Systems is providing as redress. All indications are that the company considers this situation to be of minimal hazard to the financial well being of consumers. However, if you've recently been issued a new credit card or account number by your bank, your transactions might have been involved in this security breach. Consumers are encouraged to carefully review all credit account statements they receive.



Reader Comments (Page 1 of 3)
1-21-2009 @ 1:59PM
Thomas Rooney said...
Top site you have here. Really enjoy using it. Would you be able to email me when you get the chance? It would be much appreciated.
Thanks
Thomas
Reply
1-22-2009 @ 1:01PM
Allison said...
It may be too late for these people, but this is interesting...
Top 10 Ways to Lock Down Your Data
http://www.curiousread.com/2008/12/top-10-ways-to-lock-down-your-data.html
Good luck
1-22-2009 @ 12:28AM
Tom Mahoney said...
Gary;
I think you accurately portray the attitude at Heartland.
You might want to take a look at my blog to see how serious this thing is going to get. It's far beyond what you've read in the press so far. merchant911.org/blog
I seriously believe we're looking at 200-300 million accounts.
Tom Mahoney, Director
Merchant911.org
Reply
1-22-2009 @ 1:15PM
Nathan said...
Tom, I have a dumb question for you: in the past couple of years, how many breaches have been reported? I heard close to 500? I also heard that the Pentagon was also hit, so this leads me to believe that no system, no matter how "secure", is immune.
1-22-2009 @ 12:17AM
John Franks said...
Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome.
Reply
1-22-2009 @ 11:10AM
concernedcitizen said...
Check out the following sites for more good stuff about breaches:
http://www.nationalidwatch.org/
http://www.securitycatalyst.com/author/aaron-titus/
Reply
1-22-2009 @ 11:09AM
torgo2009 said...
Perhaps it was our own government that was doing the intercepting.
Reply
1-22-2009 @ 11:07AM
tammy fuller said...
You pay your credit cards every month but it doesn't seem like it is going down.
Reply
1-22-2009 @ 11:50AM
Jean said...
You need to pay your total amount due, then you won't have extra charges. Buy only what you need to get out of debt.
1-22-2009 @ 11:07AM
Chris said...
My bank called me last night and told me I was affected by this. They are giving me all new cards. Trouble is I am leaving for Vegas on Sunday and now I won't be able to withdraw money from my account. Maybe that's a good thing!
Reply
1-22-2009 @ 11:04AM
Rob said...
I wonder if it was the Banks themselves who had the malicious software placed, so they could be ahead of the credit card companies in predicting their own stock prices and shopping trends???
Reply
1-22-2009 @ 11:13AM
jagman said...
Just wait until the hackers get into the online payroll companies' computers, like costco, cyber pay, pay cycle, sure pay accountants world, etc.
Not only will your paycheck be gone along with your identity, your company's bank accounts can be drained and you can be out of work.
Reply
1-22-2009 @ 11:50AM
Dennis said...
It is strange these co KNOW there is a problem, and it is ongoing, but they will not or can not fix it, they will charge you extra for a bum fix just to get more money. If an airplane takes off with low fuel and crashes it is at fault because they screwed up they knew no fuel no fly! some for these co's there is an ongoing problem that they DO NOT FIX they try patch after patch and it is still there. Should all their systems be shut down till it is fixed or made safe, it will not happen till some lawyer sues them for negligent operation for knowing system is flawed and they know it and still use it because they control the money and congress.
Reply
1-22-2009 @ 12:10PM
sharon said...
Well I got my letter from the bank last week and my information on my Master Card/Credit/debit card was compromised and well that made my day. I was told to watch the checking account for anything unusual and report it asap and in the mean time come tomorrow my old card will go on the hot sheet as to being stolen and guess what?? Now I have to wait to get my new card and well even though some things in life are not fair as for me having to wait at least my information is still safe (I hope)
Reply
1-22-2009 @ 12:25PM
Beale said...
"All indications are that the company considers this situation to be of minimal hazard to the financial well being of consumers....as opposed to if data thieves had also harvested Social Security numbers and card holder addresses."
Oh really? So they are intelligent/wily enough to gain access and record name and account numbers, but not smart enough to cross reference any databases they may already have to match them up? Wasn't there another large breach a year or so ago (about the same time) at another processing company where names and SS#'s were stolen?
IMO, the biggest problem is that the crooks are more intent on stealing the info than the companies are to protect it. There is nothing that cannot be breached in one way or another. The sad part is that the average consumer has NO control over it unless you are paying for EVERYTHING in cash- not really an option in this day and age.
Bill
http://1energydrinks.com
Reply
1-23-2009 @ 12:36PM
Lance said...
"unless you're paying everything in cash....Not really an option in this day and age"....
I beg to differ!!!! Cash is king! Especially in a down economy. No debt.. no worries..
Although I am still worried about this!
1-22-2009 @ 12:26PM
undrgrndgirl said...
who ever from "the company" is a jack arse...i'd like to know who uses heartland payment systems to process their payments, so that 1. i could stop going there; 2. i could inform them WHY i am not going there....
and duh! are they not running malware protection???
Reply
1-22-2009 @ 12:38PM
Andy said...
When will people start getting the point... We don't need to be mad at the corporations, why not take the energy to fix the real problem: the idiots that are doing the theft. Cry about capitalism or socialism all you want... Blame the companies or CEO's or banks all you want. It is the people themselves that need to be stopped. I have had enough of everyone looking for others to hold responsible. Why don't we stop looking for others to sue for pain and suffering and unite to stop the true criminal.
Reply
1-22-2009 @ 1:00PM
JESSICA said...
Went to LOWE'S last week and purchased some stuff in there, paid with my credit card and next day my PIN numbers did not work or were changed..!!!!....be careful..
Reply
1-22-2009 @ 1:33PM
Rocky said...
When are people going to learn to stop using credit cards? This is the only way to protect yourself. If you use cash you don't go into debt and you don't have to worry about your card info being stolen. A Visa debit card can be used as a credit card when necessary.
Reply