In mid-January Heartland Payment Systems (HPY), a Princeton, NJ-based credit card processor, revealed that at some time during 2008, its computer systems had been breached and an unknown number of credit card account numbers were exposed to hackers.
The breach was apparently the result of a “sniffer” – a type of malware that simply sits and watches – and collects data – without interacting with the system. No one knows when the sniffer was placed, or how much data it collected.
As for how the sniffer got on the system, experts say it could have been an inside job, an attack from the Internet, or a CD with Trojan-horse software mailed to someone. Had all data been encrypted, it would not have worked. This raises the question of security and sends a clear message to financial institutions – they need to become more aggressive in protecting client data.
Heartland has been sending messages to banks and credit unions, warning them that customers’ accounts may have been compromised. So far 500 financial institutions have reported fraudulent activity on customer accounts as a result of the breach.
It isn’t any wonder, since Heartland is the nation’s 6th largest payment processor – handling transactions for about 175,000 retail and merchant customers, and processing an average of 100 million transactions per month.
Earlier this month, three men were arrested in Tallahassee, Florida, and charged with using “cloned” or counterfeit cards with stolen credit card numbers from the Heartland breach. Farther west, a bank in Texas reported that its customers are being targeted in a phishing scam related to the Heartland breach and has replaced 9,000 credit cards. Identical scams have been reported in other communities across the country.
Citigroup has also been sending out new credit cards, along with a security notice explaining the reason for the replacement.
Along with the monetary loss due to fraudulent activity and the time and effort that will be required of cardholders in clearing their accounts and credit reports of that activity, the overall cost of this breach will be huge.
The responsible action for all banks using Heartland Payment Systems is to change all account numbers and replace all credit cards. The cost per card has been estimated at about $6. Multiply that by the number of cards compromised and you come up with more than $600 million in just one month.
Author: Marte Cliff
FreeCreditScorequick.com your resource for free credit report offers and the most current information regarding credit news. We also provide free tips and techniques to repair your credit for free. “Remember your credit report and credit score is more important than ever now.”