Princeton, January 21: In what experts term as the biggest ever card data infringement, Heartland Payment System Inc., a New Jersey credit-card processor, revealed a breach of data related to about 100 million card operations it deals with each month.
The company said Tuesday that cyber trespassers accessed the customer information linked to the card transactions by hacking into its computer network.
Though the company could not arrive at an exact number of the customer records which may have been illegally accessed by the culprits, but it informed that the data infringed included the information that a card’s magnetic strip carries- card number, expiration date and internal bank codes. The firm raised apprehensions about this information being used to fake a card.
It is worth mentioning here that Heartland, in Princeton, New Jersey, deals with credit card operations of above 250,000 businesses in America. This number includes restaurants as well as small retailers.
The largest known data breach before this one happened in retail firm TJX Cos. in 2005 and 2006, wherein about 45 million card numbers were improperly accessed. But on the basis of her dialogue with industry executives, Avivah Litan, an analyst at Gartner, feels that the Heartland fiasco has clearly surpassed that of the TJX Cos.
On the other hand, Heartland’s president and chief financial officer, Robert Baldwin, believes that describing the breach as the biggest ever would be ‘speculative’. He further added that it was premature to tell exactly how many records were retrieved.
Mr. Baldwin said that efforts to identify a fraudulent pattern in the dealings on accounts that Heartland handles failed on all counts. This after the company was alerted by Visa Inc. and MasterCard Inc. representatives about a possible breach.
But last week, a forensic investigator found confirmation of the violation. Mr. Baldwin, in turn, alleged that his company was targeted with malevolent software which he describes as “light-years more sophisticated” than the nasty programs one generally downloads from the Internet.
The organization is presently working with the U.S. Secret Service to analyze what went wrong. The malware has already been removed.
Another analyst, John Kindervag, who works for Forrester Research, compared the data retrieved by the criminals to the crown jewels as they can easily use it to clone the cards.
Such infringements can cost anything between $300 and $600 for a single account with regard to fraudulent purchases and legal costs. This, Mr. Kindervag said, could put the cost of this contravention in the hundreds of millions of dollars.
Post new comment