Heartland Payment Systems (HPY) disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. The company said it couldn’t estimate how many customer records have been compromised, but said the data compromised include the information on a card’s magnetic strip that could be used to duplicate a card.
No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland’s check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms.
Avivah Litan, an analyst at research company Gartner, called it the largest card-data breach ever. before this breach, the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX Cos.
- Heartland Payment Systems Uncovers Malicious Software In Its Processing System – company press release
- Payment Processor Breach May Be Largest Ever by Brian Krebs of Security Fix on WashingtonPost.com
- Card Data Breached, Firm Says by Ben Worthen on WSJ.com