[ISN] Payment Processor Breach May Be Largest Ever

From: InfoSec News <alerts_at_private>
Date: Wed, 21 Jan 2009 00:29:08 -0600 (CST)
http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html

By Brian Krebs 
Security Fix
Washington Post
January 20, 2009

A data breach last year at Princeton, N.J., payment processor Heartland 
Payment Systems may have compromised tens of millions credit and debit 
card transactions, the company said today.

If accurate, such figures may make the Heartland incident one of the 
largest data breaches ever reported.

Robert Baldwin, Heartland's president and chief financial officer, said 
the company, which processes payments for more than 250,000 businesses, 
began receiving fraudulent activity reports late last year from 
MasterCard and Visa on cards that had all been used at merchants which 
rely on Heartland to process payments.

Baldwin said 40 percent of transactions the company processes are from 
small to mid-sized restaurants across the country. He declined to name 
any well-known establishments or retail clients that may have been 
affected by the breach.

Baldwin said it would be unfair to mention any one of his company's 
customers.

"No merchant of ours represents even [one-tenth of one percent] of our 
volume, and to put out any name associated with what is obviously an 
unfortunate incident is not fair," he said. "Their customers might end 
up having their cards used fraudulently, but that fraud might turn out 
to have come from their store, or it might be from another Heartland 
store and no one will ever really know."

[...]


_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Tue Jan 20 2009 - 22:29:08 PST

This archive was generated by hypermail 2.2.0 : Tue Jan 20 2009 - 22:34:47 PST