Heartland Payment Systems Reports Breach

Credit card processing company Heartland Payment Systems discloses Jan. 20 that it suffered a malware attack in 2008 that may have compromised financial data. The security discovery was made after officials from Visa and MasterCard reported suspicious activity involving processed card transactions, Heartland Payment systems says.

Payments processor Heartland Payment Systems disclosed Jan. 20 that it was hit with a malware attack in 2009 that may have resulted in a large cache of financial data being compromised.

The company said it launched an investigation after officials at Visa and MasterCard reported suspicious activity surrounding processed card transactions. In response, Heartland enlisted forensic auditors to conduct an investigation. The week of Jan. 12, the investigation uncovered malicious software that compromised data that crossed Heartland's network, Heartland officials said.

In a statement released Jan. 20, Heartland declared that the breach had been contained. The company added that no merchant data or cardholder Social Security numbers, unencrypted PINs, addresses, or telephone numbers were involved in the breach. None of Heartland's check-management systems were involved either, officials said.

Click here to read about spam linking to a malicious site imitating Barack Obama's official Web site.

"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," Robert H.B. Baldwin, Jr., Heartland's president and chief financial officer, said in the statement. "We understand that this incident may be the result of a widespread global cyber-fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."

In the wake of the incident, Heartland has announced plans to implement a program designed to flag network anomalies in real time and help law enforcement catch cyber-criminals. The company has also created a Web site, www.2008breach.com, to provide information about the situation. Cardholders are not responsible for unauthorized fraudulent charges made by third parties.

"Heartland apologizes for any inconvenience this situation has caused," Baldwin said. "Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective."

Heartland Payment Systems provides credit, debit, prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide.