With potentially over 100 million cards being compromised, a data breach incident in the US could be the largest ever recorded.
The New Jersey-based Heartland Payment Systems, a provider of credit and debit card processing services, said unknown intruders had broken into its systems sometime last year and planted malicious software to steal card data carried on the company's networks. It claimed to have discovered the intrusion only last week after being alerted by Visa and MasterCard of suspicious activity.
Robert Baldwin Jr., Heartland's president and CFO, said that alerts by the credit card companies triggered an investigation by forensic investigators, and during this the intrusion was discovered.
Baldwin said: “Our discussions with the Secret Service and Department of Justice give us a pretty good indication that this is part of a group that appears to have done security breaches at other financial institutions. This is a very sophisticated attack."
Heartland claimed that no merchant data, cardholder's social security numbers, unencrypted PIN, addresses or telephone numbers were compromised. Once it sorts out the matter, Heartland plans to notify each victim whose data was stolen to comply with data-loss disclosure laws in more than 30 states.
The company refused to comment on how many customers could have been impacted, but as Heartland processes more than 100 million card transactions per month; it could be possible that the number of compromised credit and debit cards is at least that many.
See original article on scmagazineuk.com
.png&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
