Heartland data breach sparks security concerns in payment industry

Source: ComputerWorld

Lack of details, company's size spur questions about how system intrusion happened

January 22, 2009 (Computerworld) The lack of details surrounding the potentially massive data breach that Heartland Payment Systems Inc. disclosed this week is fueling questions and concerns within the payment processing industry about the exact nature of the security compromise.

The concerns also are being driven by the fact that Princeton, N.J.-based Heartland is one of the largest processors of credit and debit card transactions in the U.S. It handles more than 100 million card transactions per month for 250,000 clients; that a company so large could have its systems compromised by intruders for what appears to have been an extended period of time is prompting more than the usual curiosity about how the breach took place.

In addition, Heartland, as a large processor of card transactions, has been required to comply with the Payment Card Industry Data Security Standard — a set of security controls mandated by the major credit card companies — for a considerably longer time than retailers have been. As a result, Heartland was generally expected to have stronger controls in place for preventing, detecting and responding to system intrusions than many other entities covered by the PCI rules do.

"We're dying for information on this one," said Henry Helgeson, president and co-CEO of Merchant Warehouse Inc., a Boston-based provider of payment card processing services and software. "Everybody who processes card information is dying to know how exactly this happened."



Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126608&intsrc=hm_list

---

Update to original article:

Millions May Be At Risk Of Credit, Debit Fraud After Security Breach{Heartland Payment Systems)

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=102&topic_id=3700463&mesg_id=3700463

why do we fail to understand that --?

What about the Pentagon . . . haven't even they had problems?

Many, many times....

Chinese hacked into Pentagon

The Chinese military hacked into a Pentagon computer network in June in the most successful cyber attack on the US defence department, say American ­officials.

The Pentagon acknowledged shutting down part of a computer system serving the office of Robert Gates, defence secretary, but declined to say who it believed was behind the attack.

http://www.ft.com/cms/s/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac,Authorised=false.html?_i_location=http%3A%2F%2Fwww.ft.com%2Fcms%2Fs%2F0%2F9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html&_i_referer=http%3A%2F%2Fdigg.com%2Fsecurity%2FChinese_Military_Hacks_the_Pentagon

The Pentagon . . . which supposedly protects us all . . .

FAILED on 9/11 . . . seemingly on purpose --

Also got itself bombed on 9/11 . . . though perhaps from inside the Pentagon -- !!

Anyone see the photo of the incoming -- ????

And, has been hacked "many, many times" ---

C'est la vie --- or stop funding this BS --- ????

My bank says they hit small banks all across U.S. and the bank lowered all our limits. They shut them down after watching them try to get $1,000 then $500. then $300. (our limits were put down to $200.) and then they called me and said we closed your card and you will be getting a new one but the hackers have been shut down.

SOP "Standard Operating Procedures"...

Heartland tends to process mainly Visa/MC... so not bad for my employers, in fact our reference system of talking points for this is that the volume of payments they put through is "very small".

But since they're big in the Visa/MC payment processing world, naturally everyones' concerned.

Mark.

I got a phone call from Google, Money, Profit on 1/5 saying the credit card used on my order had been rejected but I had not placed any order with them. Later I got a letter from Gevalia Cofee making the same claim and I had not placed an order with them either. Gevalia cust svc gave me the last 4 digits of the card used and it matched a card I thought had been cancelled last fall.

It turns out that whoever the creeps were, they successfully ordered the gmp software, Google Tree and a charge to Bribri marketing.

This is the first time anything like this has happened to me, and it was somewhat scary to realize that someone was ordering stuff using my name, address and phone number.