Heartland Payment Systems, a credit-card and check processor serving 250,000 businesses in the United States, warned on Tuesday that it had found evidence of a network breach that had compromised consumers' credit-card numbers.
Last week, auditors hired by the company found malicious software on its payment network, the firm said in a statement. Visa and Mastercard had tipped off the company to fraudulent card activity related to credit-card transactions processed on Heartland's network.
Heartland "immediately took a number of steps to further secure its systems," the company said. The payment processor also set up a Web site, www.2008breach.com, to act as a communications point with affected customers.
"We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice," Robert H.B. Baldwin, Jr., Heartlands president and chief financial officer, said in a statement. "Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective."
A number of large data breaches have led back to intrusions in the payment networks of credit-card processors. In 2005, online criminals gained access to the network of CardSystems Solutions, a payment processors, and compromised as many as 40 million credit card accounts. Two years later, a poorly secured wireless network allowed criminals to compromise the payment network of retail giant TJX, leading to the theft at least 94 million credit-card accounts.
Heartland stressed that the intrusion did not compromise merchant data, cardholder Social Security numbers, unencrypted personal identification numbers (PIN) or other personal information. The networks of the company's subsidiaries were not affected, the firm stated.
Heartland pledged to add more security to its network, promising to "implement a next-generation program designed to flag network anomalies in real-time and enable law enforcement to expeditiously apprehend cyber criminals," the firm said.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos