Tuesday, January 20, 2009

Heartland Payment Systems - 100 Million Record Breach

In a word... Unfathomable.

The type of carnage and financial damage fraud on the scale of 100 million cards could wreak on a company in such a fragile economy simply blows my mind.
"A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have led to the theft of more than 100 million credit and debit card accounts, the company said today." (src: Washington Post)
Incredible. While they keep stressing (obviously in a panic) that no SSNs or other cardholder information was taken, we know that the information on the magnetic stripe from the card itself has been compromised.
"The company stressed that no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were jeopardized as a result of the breach." (src: Washington Post)
So the only bright light, or even dimly lit light at the end of this tunnel for Heartland Payment Systems is that card-not-present fraud is going to be unlikely (assuming the breach was contained as Heartland says it is)... but cloning cards and walking into stores that don't check IDs is not that tough...

You've got to feel for the security folks at Heartland Payment Systems today...

No comments: