Heartland Payment Systems Reports Stolen Computers, (Potential) Data Breach

In a letter to those affected: 

What Happened?

Heartland Payment Systems, Inc. (“Heartland”), was notified on May 8, 2015 that your personal information may have been compromised. An incident occurred at our office in Santa Ana, California. Many items, including password-protected computers belonging to Heartland, were stolen. One of these computers may have stored your Social Security number and/or bank account information processed for your employer. We have seen no evidence suggesting that the data has been accessed on the stolen computers or used in any way, and we have no reason to believe any such use will occur. We have involved state and federal regulatory and law enforcement agencies to assist us in determining how to proceed with the matter at hand. Heartland continues to monitor the situation carefully and has increased its internal security and review procedures to watch for any unusual activity. We are providing this notice to you out of an abundance of caution so that you can take steps to help protect your information from unauthorized use, such as the steps detailed in the enclosed state notification requirements.

The Princeton, NJ payment processor may sound familiar because several years ago it disclosed a monumentally more severe event.

From Wikipedia:

On January 20, 2009 Heartland announced that it had been “the victim of a security breach within its processing system in 2008”.[5] The data stolen included the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards; with that data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.[6] One estimate claimed 100 million cards and more than 650 financial services companies were compromised; at the time, it was characterized as the largest ever criminal breach of card data.[7]

An American computer hacker, Albert Gonzalez, was sentenced in March 2010 to 20 years in prison for his role in the hacking ring that broke into the Heartland computer systems.[8]

On May 1, 2009, Visa and Heartland issued a statement that Heartland successfully validated its compliance with PCI DSS and was returned to Visa’s list of PCI DSS Validated Service Providers.[9]

