View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
January 21, 2009

Malware caused ‘biggest ever’ data breach

Heartland says hackers probably stole track data from transactions

By Jason Stamper

Malicious software injected into the payment processing network of a major US credit-card processing company could have led to one of the biggest data breaches ever reported, it has emerged.

Heartland Payment Systems has said the activity of cyber criminals had compromised its payments network. Some customer records may have been improperly accessed.

Potentially tens of millions of credit and debit card transactions could be involved. The business handles 100 million card transactions every month for 175,000 merchants.

Robert Baldwin Heartland’s CFO, said in a USA Today interview that the intruders had access to Heartland’s system for ‘longer than weeks’ in late 2008. He also said that the spyware has been described as being ‘light-years more sophisticated’ than the sort of maleware that is commonly downloaded from the web.

Alarms were first raised after Visa and MasterCard alerted the New Jersey-based company of suspicious activity surrounding processed card transactions.

Heartland emphasised that no merchant data or unencrypted PINs, or cardholders’ addresses or telephone numbers had been exposed as a result of the breach.

But the company has confirmed the hackers could have sucked off so-called track data from transactions it handled. Track data includes information such as card number, expiration date and some internal bank codes that could be used to make fake cards.

Content from our partners
How businesses can thrive in the age of generative AI
AI is transforming efficiencies and unlocking value for distributors
Collaboration along the entire F&B supply chain can optimise and enhance business

The number of victims is unknown. Previously, the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX in 2005 and 2006.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.