Payment Processor Breach May Be Largest Ever

Source: Washington Post

A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have led to the theft of more than 100 million credit and debit card accounts, the company said today.

...

Robert Baldwin, Heartland's president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments.

Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.

...

Baldwin said Heartland does not know how long the malicious software was in place, how it got there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.

...

The company stressed that no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were jeopardized as a result of the breach.



Read more: http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html

---

Heartland's press release is here: http://www.2008breach.com/


Why release the info on Inauguration Day?

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=385&topic_id=261380&mesg_id=261380

There is always a way to breach a system, with results varying depending on the information obtained.

People need to know which places had the leaks so they can check their credit card statements.

Saying there were leaks without naming the sources is meaningless, which I guess is their objective.

Wouldn't want people to stop patronizing well-known establishments. But who cares about the little guys?