PRINCETON, N.J. (1/21/09)--Card payments processor Heartland Payment Systems announced Tuesday that its processing system was breached last year by a malicious software program in what could be the largest data breach to date, with possibly more than 100 million credit cards compromised. The information breached included card numbers and cardholders' names. It did not include merchant data, cardholders' Social Security numbers, unencrypted personal identification numbers, addresses or telephone numbers, said the Princeton, N.J.-based company in a press release. None of Heartland's check management or Canadian or payroll systems or its recently acquired Network Services and Chockstone processing platforms were affected , said Heartland. Heartland provides card processing for 250,000 business locations nationwide, most of them small businesses. About 40% of the transactions it processes are from small to mid-sized restaurants throughout the country. It also serves community banks, pay-at-the-pump gas stations, school campuses, parking lots and hospitality businesses. It handles more than four billion transactions a year, according to its website. "We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," said Robert H.B. Baldwin Jr., Heartland president/chief financial officer. "We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the U.S. Secret Service and Department of Justice," he added. The company was alerted by Visa and MasterCard, which noticed suspicious activity among processed card transactions. Heartland took action to further secure its systems and will implement a next-generation program to flag network anomalies in real-time to assist law enforcement. Last week it found out the source of the breach: malicious software planted on the company's payment processing network that recorded payment card data as it was sent for processing to Heartland. Heartland has created a website, www.2008breach.com, to provide more information and advise cardholders to examine their monthly statements closely and report suspicious activity to their card issuers. Cardholders are not responsible for unauthorized fraudulent charges made by third parties, it said. It did not address who would be responsible if card issuers have to replace thousands of cards.