Posts

Showing posts from February, 2009

Heartland Payment Systems Breach

On January 20 -- Inauguration Day -- Heartland Payment Systems, which handles over 100 million credit card transactions a month, quietly announced that their forensic auditing teams have uncovered a piece of malicious software buried in their processing system -- a security hole that allowed hackers to capture an unknown number of credit card transactions. At this point, they can't determine exactly when the hole was created, so therefore they can't determine who has been compromised. It was a very sophisticated attack, according to Robert Baldwin, the company's president and CFO. Heartland thinks that the hole has been plugged, but the forensic investigation is continuing. With this late-breaking story, I've read differing reports on the extent of exposure. One report acknowledges that card holder names and numbers were lifted but says that no merchant data or card holder Social Security numbers, or card PINs were involved. Another report felt that enough