The largest credit card data breach ever?
Malicious software in the network of US payment processor Heartland leads to data on 100 million transactions being compromised.
US-based payments processor Heartland Payment Systems was the victim of a massive security breach, which could have exposed customer information associated with the 100 million transactions it handles each month.
Heartland found evidence of the intrusion last week, and notified law enforcement officials as well as the card brands involved. It said that the incident could have been the result of a widespread global fraud operation.
The only data compromised was names, card numbers and expiration dates as well as the information on the card's magnetic strip which could be used to duplicate cards.
Heartland was alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions. An investigation uncovered malicious software compromising data across Heartland's network.
Richard Wang, of SophosLabs US, said that it appeared the information stolen was enough to create fake cards.
He said on his company's blog: "Although addresses were not compromised by this breach, making card not present' fraud more difficult, this provides one more piece in the puzzle for anyone trying to assemble stolen identities."
"A name and card number from one breach could be used along with name and address from another source to build a more complete identity."
For anyone affected by the breach, more information is available on a specially-created website run by Heartland.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download