Hackers breach security at Heartland Payement Systems

21 January 2009

Heartland Payment Systems, a Princeton, New Jersey-based payment processing company disclosed on Tuesday that its computers had been hacked for more than a few weeks in late 2008.

Heartland which processes 100 million card transactions a month said that it does not have information about the number of victims that this break in into its computer systems would involve.

According to cyber security experts the break could easily exceed the 94 million records lost to hackers by a breach at retail giant TJX in 2007.

Heartland's operations cover processing of card payments for restaurants, retailers and other merchants. The theft was discovered last week following Visa and MasterCard detecting suspicious activity from accounts linked to its systems. Investigators later identified the data-stealing program planted by the thieves.

Chief financial officer and president, Robert H B Baldwin Jr said that it appears to be the handiwork of a group that has carried out similar attacks on computer systems at other financial institutions considering the attack's sophistication. He added that Heartland would notify each victim of data loss to comply with data-loss disclosure laws in more than 30 states.

The Heartland security breach comes in the wake of reports of rising criminal activity involving stolen payment card numbers. A leading cyber security firm says it has seen internet chat room activity rise 20 per cent every year; hackers test batches of a payment card numbers to make sure they are active. These numbers, they suspect, could have been sourced through a payment processor like Heartland.