Cybercriminals hacked into Heartland Payment Systems, a company that processes the credit and debit card transactions for more than 250,000 businesses, or approximately 100 million card transactions each month. The hacked data includes card numbers, expiration dates, and some internal bank codes–enough information to duplicate the cards themselves.
The hackers used software that was “light-years more sophisticated” than common malicious programs found on the internet, says Heartland president Robert Baldwin. The malware went undetected by an intensive internal investigation several months ago, and was only discovered last week by a forensic investigator.
Heartland contends that no Social Security or PIN numbers were stolen, but “advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers.” The extent of the damage isn’t completely known, but Heartland believes the intrusion is contained and the company has taken steps to further secure its systems.
This large-scale security breach may be connected to “a widespread global cyber fraud operation,” according to Heartland. The US Secret Service and Department of Justice are heavily involved in the investigation.
For more information and any updates about the breach, go to Heartland’s dedicated site.