Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Card processors breach may be the largest yet
PRINCETON, N.J. (1/21/09)--Card payments processor Heartland Payment Systems announced Tuesday that its processing system was breached last year by a malicious software program in what could be the largest data breach to date, with possibly more than 100 million credit cards compromised. The information breached included card numbers and cardholders' names. It did not include merchant data, cardholders' Social Security numbers, unencrypted personal identification numbers, addresses or telephone numbers, said the Princeton, N.J.-based company in a press release. None of Heartland's check management or Canadian or payroll systems or its recently acquired Network Services and Chockstone processing platforms were affected , said Heartland. Heartland provides card processing for 250,000 business locations nationwide, most of them small businesses. About 40% of the transactions it processes are from small to mid-sized restaurants throughout the country. It also serves community banks, pay-at-the-pump gas stations, school campuses, parking lots and hospitality businesses. It handles more than four billion transactions a year, according to its website. "We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," said Robert H.B. Baldwin Jr., Heartland president/chief financial officer. "We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the U.S. Secret Service and Department of Justice," he added. The company was alerted by Visa and MasterCard, which noticed suspicious activity among processed card transactions. Heartland took action to further secure its systems and will implement a next-generation program to flag network anomalies in real-time to assist law enforcement. Last week it found out the source of the breach: malicious software planted on the company's payment processing network that recorded payment card data as it was sent for processing to Heartland. Heartland has created a website, www.2008breach.com, to provide more information and advise cardholders to examine their monthly statements closely and report suspicious activity to their card issuers. Cardholders are not responsible for unauthorized fraudulent charges made by third parties, it said. It did not address who would be responsible if card issuers have to replace thousands of cards.
Other Resources

RSS





print
News Now LiveWire
Registration lottery for #CreditUnion #CherryBlossom Ten Mile Run opens Monday, Dec. 1 http://t.co/AGkKPof5Fy. Race is April 12
1 Day ago
The turkey hasn't even been served and #creditunions are already making plans for #GivingTuesday
1 Day ago
.@bankofamerica's $16.65 billion 'toxic mortgage' settlement finalized http://t.co/BIq1QyImXG
1 hours ago
RT @CUNA: #NussleReport: ICYMI: Revised RBC proposal in January w/a 90-day comment period #Fix RBC http://t.co/T4JcvWBDse
3 hours ago
.@TheNCUA release on Nov. prohibition orders out already. Here: http://t.co/YkA1QIYbYa
3 hours ago