Card Processor Admits to Large Data Breach:

Heartland Payment Systems, a company that processes debit and credit card transactions for 250,000 businesses, announced today that it was hacked late last year and that intruders may have compromised more than 100 million accounts.

The company discovered the breach late last year after Visa and MasterCard reported a pattern of suspicious transactions. Forensic investigators discovered the source of the breach only last week — malware installed on Heartland’s internal network that was sniffing unencrypted transactions as they were being authorized by the system.

Robert Baldwin, Heartland’s president and chief financial officer, told BankInfoSecurity that, “As the transaction is being processed, it has to be in unencrypted form to get the authorization request out.”

The company, which is based in New Jersey, did not know how long the malware was in its system, or how many card accounts might have been compromised, although the company’s web site indicates that it processes about 100 million transactions a month.

Although the thieves captured account information embedded in the magnetic strip of cards, they were not able to obtain customer PIN numbers, Baldwin said. The thieves also did not obtain customer address information.

Law enforcement authorities have told the company that the breach is part of a wider cyber fraud operation, implying that other processors and businesses may have been targeted as well.

Source:  Wired

Our VLOG

[youtube]http://www.youtube.com/watch?v=fMYdxCvM3do[/youtube]