If you have a credit card, expect a letter from Heartland Payment Systems soon. The New Jersey credit-card processor revealed that their computer network has been hacked in what is thought to be the biggest data breach ever.
Heartland counts more than 250,000 businesses as clients, and processes roughly 100 million transactions every month. Robert Baldwin, Heartland’s president and CFO said they don’t know yet how many transaction records were exposed.
The records that were accessed include the credit card numbers, expiration dates and internal bank codes. In short, the hackers now have everything from the cards’ magnetic strip, and everything needed to create duplicate cards.
Until now, TJX--parent company of TJ Maxx, Marshall’s and other retail stores—claimed the dubious distinction of having the largest data breach. Approximately 45 million card numbers were stolen in that case.
Visa and MasterCard officials notified Heartland last fall that they’d had a number of suspicious transactions, but an investigation conducted by Heartland didn’t corroborate the credit card companies’ findings.
A forensic investigator dropped the hammer last week when he discovered evidence supporting the earlier alerts from Visa and MasterCard. Baldwin described the malware used in the breach as being “light years more sophisticated” those commonly launched from the Internet.
The Identity Theft Resource Center recently announced that data breaches in 2008 reflect a 47% increase over the number of breaches disclosed in 2007.