Heartland Payment Systems delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide.
Heartland reported on Tuesday that they had suffered a security breach in 2008. “We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands,” said Heartland president Robert Baldwin.
The bulk of the exposed data was credit card names, numbers, and expiration dates. The malware infection was a keylogger and packet sniffer that recorded transactions on Heartland’s network.
Heartland did not disclose when the infection occurred, or how many transactions had been compromised.
Malware that stayed installed on their network from sometime in 2008 until this week is a sign that the infected PC may not have been running any kind of virus protection. It is important that all computers on your network run some sort of anti-malware software that provides real-time protection against malware installation, as well as detection and removal of existing malware.
I heard that this was the biggest security breach in history. But then again how would they know?
Voltage comments correctly that a technology solution based on Identity-Based Encryption (IBE) and Format-Preserving Encryption (FPE) definitely eliminates this type of threat. Someone snooping traffic between the Processor and an upstream clearer would have seen only encrypted data. This innovative encryption approach obviates the need to overhaul existing system formats, and IBE provides an elegant federated security model that matches the existing processing architecture. More details at http://superconductor.voltage.com/2009/01/heartland-data-breach.html