Wired News’ Threat Level blog reports, “A large credit card processing company was breached in an attack late last year that may have compromised more than 100 million accounts.” Sadly, such breaches are nothing new. In July, the Identity Theft Resource Center (ITRC) released its Breach Report (pdf) and the “total has reached an all-time high. Between January 1st and June 27th, the total number of data breaches recorded by the ITRC is 342, more than 69% greater than the same time period in 2007.”
Heartland Payment Services, which processes debit and credit card transactions for 250,000 businesses, said it first learned around late October that it might have been hacked, but wasn’t able to determine that its system had indeed been breached until last week. The company said it notified the public Tuesday as soon as it confirmed it was the victim of a “highly sophisticated” attack.
Law enforcement officials are investigating the breach as potentially one part in a wider cyber fraud operation with multiple victims, according to Robert Baldwin, Heartland’s president and chief financial officer. […]
Heartland discovered malware on its system that allowed thieves to sniff unencrypted card data as transactions were being authorized in Heartland’s system. The thieves captured card account numbers and expiration dates and, in 20 percent of cases, the customer’s name as well.
The company, which is based in New Jersey, did not know how long the sniffer was in its system or how many card accounts might have been compromised, although the company’s web site indicates that it processes about 100 million transactions a month.
Find out more about security breaches, identity theft, and how to protect yourself at Privacy Rights Clearinghouse. The organization has a “Chronology of Data Breaches,” which shows that 251 million records have been exposed because of security breaches in the public and private sectors since January 2005.