Data breach at Heartland may be bigger than TJX's
LATEST NEWS
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 2
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
Intruders broke into the systems and planted malware, says payment processor
By Jaikumar Vijayan | Framingham | Tuesday, 27 January, 2009
A data breach disclosed last week by Heartland Payment Systems may displace the one revealed by The TJX Companies in January 2007 as the largest compromise of payment card information to date.
Heartland, a Princeton, N.J.-based payment processor, said intruders broke into its systems sometime last year and planted malware that they used to steal credit and debit card data.
A Heartland spokesman said that the company still had no idea how many cards had been compromised. It wasn't even sure how long the malware had been on its network, he noted. "All we know is that it was there for a period of time in the second half of 2008," he said.
But given that Heartland processes more than 100 million card transactions per month, it's conceivable that the number of compromised cards could be at least that high, said Gartner analyst Avivah Litan. In the TJX breach, 45.6 million card numbers were stolen over 18 months.
"Everybody who processes card information is dying to know how exactly this happened," said Henry Helgeson, president and co-CEO of payment processor Merchant Warehouse. "One of our frustrations right now is, if this is a new attack, we need to know about it."
The Heartland breach was the second disclosed by a large payment processor in recent weeks. On Dec. 23, RBS WorldPay said that the personal data of about 1.5 million card holders had been compromised in a breach of its systems.
The two incidents may point to a new — and potentially more lucrative — strategy on the part of cybercrooks. "Attacking a processor is much more serious than attacking a retailer," Litan said, adding that the payment industry as a whole needs to adopt "more radical" security measures.
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
