Wednesday, January 21, 2009

Heartland Payment Systems Breached, Card Data Exposed

Via WSJ -

A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported.

Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month.

The company said it couldn't estimate how many customer records may have been improperly accessed, but said the data compromised include the information on a card's magnetic strip -- card number, expiration date and some internal bank codes -- that could be used to duplicate a card.

Heartland, of Princeton, N.J., processes transactions for more than 250,000 businesses nationwide, including restaurants and smaller retailers.

Avivah Litan, an analyst at research company Gartner, called it the largest card-data breach ever, based on her conversations with industry executives. Previously, the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX Cos. in 2005 and 2006.

Robert Baldwin, Heartland's president and chief financial officer, said it was too early to say how many records were accessed and that calling it the largest-ever breach would be "speculative."

Representatives of Visa Inc. and MasterCard Inc. alerted Heartland to a pattern of fraudulent transactions on accounts the processor handled sometime last fall, Mr. Baldwin said. But an internal investigation and audits failed to detect a security breach.

Last week, however, a forensic investigator discovered evidence of the breach. Mr. Baldwin said Heartland was targeted with malicious software that was "light-years more sophisticated" than malevolent programs commonly downloaded from the Internet.

Heartland said it has removed the malware and is working with the U.S. Secret Service to investigate the incident.

John Kindervag, an analyst at Forrester Research, also said Heartland's breach may be the largest ever, though it's too soon to know. He said the data the criminals accessed -- called "track data" in the industry -- are the equivalent of the crown jewels since criminals can use the information to make fake cards.

------------------------

According to NetworkWorld,

While DataLossDB is "hearing rumblings that this is a significant breach," there's no reliable way at the moment to determine if these next few items are dots that can be connected ... or just dots in the never-ending data-breach parade.
