Heartland Payment Systems Reports Breach

Credit card processing company Heartland Payment Systems disclosed today it suffered a malware attack last year. The discovery was made after officials from Visa and MasterCard reported suspicious activity involving processed card transactions.

Payments processor Heartland Payment Systems disclosed today it was hit with a malware attack last year that may have resulted in a large cache of financial data being compromised.

The company said it launched an investigation after officials at Visa and MasterCard reported suspicious activity surrounding processed card transactions. In response, Heartland enlisted forensic auditors to conduct an investigation. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland’s network, Heartland officials said.

In a statement released today, Heartland declared the breach had been contained. The compay further added that no merchant data or cardholder social security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. None of Heartland’s check-management systems were involved either, officials added.

“We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands,” said Robert H.B. Baldwin, Jr., Heartland’s president and chief financial officer, in the statement. “We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.”

In the wake of the incident, Heartland has announced plans to implement a program designed to flag network anomalies in real-time and help law enforcement catch cyber-criminals. The company has also created a Web site – www.2008breach.com – to provide information about the situation. Cardholders are not responsible for unauthorized fraudulent charges made by third parties.

“Heartland apologizes for any inconvenience this situation has caused,” continued Baldwin. “Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective.

Based in Princeton, NJ, Heartland provides credit, debit, prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide.

via eWeek.