Credit Card Processor Reports Data Breach; May Be Largest Ever

By: Analytical Wealth Thursday, January 22, 2009 5:36 PM

Article Author

Bio and Articles
Author's Website

Vote for next session

The next market session will close:

This doesn’t fall in line with my usual posts, but I figured I'd point everyone to it anyway for informational purposes:

(From the WSJ): "A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported.

Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month.

The company said it couldn't estimate how many customer records may have been improperly accessed, but said the data compromised include the information on a card's magnetic strip -- card number, expiration date and some internal bank codes -- that could be used to duplicate a card.

Heartland, of Princeton, N.J., processes transactions for more than 250,000 businesses nationwide, including restaurants and smaller retailers.

Avivah Litan, an analyst at research company Gartner, called it the largest card-data breach ever, based on her conversations with industry executives. Previously, the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX Cos. in 2005 and 2006.

Robert Baldwin, Heartland's president and chief financial officer, said it was too early to say how many records were accessed and that calling it the largest-ever breach would be "speculative."

Representatives of Visa Inc. and MasterCard Inc. alerted Heartland to a pattern of fraudulent transactions on accounts the processor handled sometime last fall, Mr. Baldwin said. But an internal investigation and audits failed to detect a security breach.

Last week, however, a forensic investigator discovered evidence of the breach. Mr. Baldwin said Heartland was targeted with malicious software that was "light-years more sophisticated" than malevolent programs commonly downloaded from the Internet."

Mind you unless you know the specific processing firm the merchants you patronize use there isn't much you can do with information like this, however it is definitely a reminder to scrutinize your credit card statements on a monthly basis just to be safe. As the economy worsens I expect to see more and more crimes like this.

You can read more here.

Sources:

The WSJ: "Card Data Breached, Firm Says" -- Ben Worthen, January 20, 2009.

Disclosure: at the time of publishing the author didn't own a position in any of the companies mentioned in this article; the ideas expressed are solely the opinions of the author and shouldn't be viewed as financial or investment advice.

Bookmark:
Email
Print

The above story is the opinion of the author only and it does not reflect iStockAnalyst opinion. Further, the author is not personally advising you regarding the suitability of the story for your investment needs. In no event iStockAnalyst will be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from or arising out of, or in connection with the use of this information. Please consult your investment advisor before making any investment decision.

Related Stories