Purchasing LifeLock, Identity Guard or IdentityForce via links from our site earn us a commission and supports our efforts. Thank You!

Identity Theft Labs

Heartland Payment Systems Data Breach May Be First to Expose Over 100 Million Americans

Heartland Payment Systems recently announced a data breach due to malicious software (malware) that stole an unknown number of payment transactions and may affect upwards of 100 million Americans making it the largest data breach on record and eclipsing TJX, which owns retailers TJ Maxx and Marshalls, whose breach affected 94 million customers. The malware that stole payment data such as names, addresses, debit and credit card numbers at Heartland hid in an unallocated portion of a server’s disk. According to Heartland CFO Robert Baldwin…

“The malware was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud warnings went off at both Visa and MasterCard.”

Baldwin also indicated that both the U.S. Secret Service and Justice Department told him that the hackers had breached the records of other financial institutions.

“We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice,” Baldwin said in the statement.”

Apparently, federal law enforcement had already been investigating this “I have talked to many payments leaders who are also concerned about the increasing success and frequency of cyber crime attacks,” Carr said. “Up to this point, there has been no information sharing, thus empowering cyber criminals to use the same or slightly modified techniques over and over again. I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week.”

According to The Identity Theft Resource Center, reports of data breaches in the United States increased 47 percent in 2008, jumping from 446 reported breaches in 2007 to 656 reported breaches in 2008. Approximately 14% of the data breaches were due to hacking and an estimated 35 million Americans had their personal information compromised, down significantly from 2007 which included the numbers from the TJX breach.

The Heartland Payment Systems data breach will likely make 2009 the worst year on record when the final numbers on compromised consumers are released. Consider that the company processes credit, debit and prepaid cards for more than 250,000 business locations and has with the help of Visa and Mastercard contacted more than 150,000 merchant locations to bring them up to date on this breach. Consider also that it is unclear when the hackers put the malware in place let alone when it was first discovered and you can see the staggering number of people that may be affected. Right now everyone is awaiting details but currently Heartland has not been forthcoming.  Stay tuned for more.