Hackers breach Heartland Payment

Discussion in 'The Studio Lounge' started by v1ru5, Jan 21, 2009.

  1. v1ru5

    v1ru5 Well-Known Member

    Hackers breach Heartland Payment credit card system
    Updated | Comment | Recommend E-mail | Save | Print |
    By Byron Acohido, USA TODAY
    Heartland Payment Systems (HPY) on Tuesday disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants.

    Robert Baldwin, Heartland's president and CFO, said in a USA TODAY interview that the intruders had access to Heartland's system for "longer than weeks" in late 2008. The number of victims is unknown. "We just don't have the information right now," Baldwin said.

    Tech security experts said the breach could set a record. Retail giant TJX lost 94 million customer records to hackers in 2007. With more than 100 million transactions per month, they could discover that several months' worth of transactions were captured, says Michael Maloof, chief technology officer at TriGeo Network Security.

    Heartland processes card payments for restaurants, retailers and other merchants. It discovered the hack last week after Visa and MasterCard notified it of suspicious transactions stemming from accounts linked to its systems. Investigators then found the data-stealing program planted by the thieves.

    "Our discussions with the Secret Service and Department of Justice give us a pretty good indication that this is part of a group that appears to have done security breaches at other financial institutions," said Baldwin. "This is a very sophisticated attack." Once it sorts out the matter, Heartland plans to notify each victim whose data were stolen to comply with data-loss disclosure laws in more than 30 states, Baldwin said.

    "Cleaning up the mess could be potentially much more expensive than any fines or penalties," says Michael Argast, senior analyst at security firm Sophos.

    Heartland's disclosure coincides with reports of heightened criminal activities involving stolen payment card numbers. Security firm CardCops has been tracking a 20% year-over-year increase in Internet chat room activity where hackers test batches of payment card numbers to make sure that they're active. "The numbers could have come from a processor, like Heartland, or some other source that has access to a lot of customer data but is not a retailer," says Dan Clements, CardCops president.

    Also, Forcht Bank in Kentucky last week began issuing replacement debit cards to 8,500 patrons, due to reports of fraudulent card activity. "There are several other banks affected, and this is not isolated to Forcht Bank customers," the bank said in a Jan. 12 statement to customers.

    Hackers breach Heartland Payment credit card system - USATODAY.com
  2. limegrass69

    limegrass69 Confused

    The fact that Heartland allowed this to happen should be seen as a criminal offense. Why is there no accountability for these sorts of breaches?
  3. v1ru5

    v1ru5 Well-Known Member

    I wonder if this breach affects pre-paid debit card holders also and why so long notifying the people that may be affected?
  4. Grüpsaar

    Grüpsaar DRC Forum Bum

    Scary, I worked for Burger King, (still do when I am visiting town) and they use Heartland. I remember there being issues late in the year where a payment week was skipped and added the next week, and some people were given an extra 25 dollars, or something, for no real reason..I don't remember the details.

    At any rate, luckily it looks like no one I know or anything was messed with at all. I'll have to call some coworkers and see what they know.
  5. limegrass69

    limegrass69 Confused

    It's too early to tell. They don't even know what information has been compromised yet.
  6. Grüpsaar

    Grüpsaar DRC Forum Bum

    Reading more about it, one article mentions a possible relation to this and:
    "Late last month, various blogs reported a number of mysterious, fraudulent sub-25-cent transactions appearing on readers’ and bloggers’ credit card statements, coming from a nonexistent company called “Adele Services”. While it appears these events are unrelated, some consider the timing suspicious."

    I had 2 small 13 and 17 or so cent charges last night on my debit card. Have to look into it more.
  7. limegrass69

    limegrass69 Confused

    Something really needs to be done to improve the security of this data. I realize that it may make on-line transactions a bit more difficult.

Share This Page