Turns out that another credit card processor was hacked. Considering that these companies are highly desired targets, this won’t be the last time this happens. Heartland Payment Systems was the victim this time, which stated that they process “about 100 million payment card transactions per month for 175,000 merchants” and suspect that the hackers had access for several weeks. While Heartland claims that “No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach,” Heartland was notified by the credit card companies that something was wrong, which was confirmed when Heartland found “malicious software that compromised data that crossed Heartland’s network.”
What is also interesting is how long it took them to figure all this out. According to their web site (created specifically for this event) at http://www.2008breach.com/, the incident happened in 2008, and they just discovered it last week. Imagine all the holiday purchases that occurred during that timeframe. Yeah… the final numbers are going to be HUGE! Looks like we have a new record holder.
So, what is Heartland going to do about it? They say they have implemented a “next-generation program designed to flag network anomalies in real-time, enabling law enforcement to quickly apprehend cyber criminals.” So… why didn’t that do this already? Again, credit card processing companies are high-value targets - I can’t believe someone didn’t already recommend this in an 3rd-party risk assessment at some point. Undoubtedly, someone’s head will roll, especially since their stock prices dropped over 42% today, which translates into a dollar loss of $214 million in one day. Ouch. I doubt the “next-generation program” that would have caught such a breach was a tad cheaper than $214 million! “Penny wise, Pound foolish.”
They never learn.
