From: InfoSec News (alertsinfosecnews.org)
Date: Wed Jan 21 2009 - 00:29:08 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html

By Brian Krebs
Security Fix
Washington Post
January 20, 2009

A data breach last year at Princeton, N.J., payment processor Heartland
Payment Systems may have compromised tens of millions credit and debit
card transactions, the company said today.

If accurate, such figures may make the Heartland incident one of the
largest data breaches ever reported.

Robert Baldwin, Heartland's president and chief financial officer, said
the company, which processes payments for more than 250,000 businesses,
began receiving fraudulent activity reports late last year from
MasterCard and Visa on cards that had all been used at merchants which
rely on Heartland to process payments.

Baldwin said 40 percent of transactions the company processes are from
small to mid-sized restaurants across the country. He declined to name
any well-known establishments or retail clients that may have been
affected by the breach.

Baldwin said it would be unfair to mention any one of his company's
customers.

"No merchant of ours represents even [one-tenth of one percent] of our
volume, and to put out any name associated with what is obviously an
unfortunate incident is not fair," he said. "Their customers might end
up having their cards used fraudulently, but that fraud might turn out
to have come from their store, or it might be from another Heartland
store and no one will ever really know."

[...]

_______________________________________________
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]