Largest Credit Breach Ever Reported Inauguration Day

Dennis Faas's picture

Payment processor Heartland Payment Systems reported that it was the victim of a security breach within its processing system in 2008. For unknown reasons, the breach was reported on January 20, 2009 -- inauguration day for the incoming President Obama administration.

Tens of millions of credit and debit card transactions may have been breached, making the Heartland incident one of the largest data breaches ever reported. (Source:

Heartland believes the intrusion is now contained and that no merchant information or cardholder Social Security numbers were compromised. According to Heartland, no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PINs), addresses or telephone numbers were involved in the breach. (Source:

Credit card issuers, the U.S. Secret Service and the U.S. Department of Justice were notified of the intrusions.

Visa and MasterCard alerted Heartland of suspicious activity surrounding processed card transactions. After enlisting the help of several forensic auditors to conduct a thorough investigation, malicious software that recorded payment card data as it was being sent for processing was discovered.

It's unknown how long the malicious software was there, how it got there, or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates -- including the digital information that is encoded onto the magnetic stripe on the backs of credit and debit cards.

Robert Baldwin, Heartland's president and chief financial officer, said that Heartland processes payments for more than 250,000 businesses, but declined to name any clients affected by the breach.

Heartland processes about 100 million transactions a month.

In response to the crisis, the company created a website to provide information about the incident and is advising cardholders to examine their monthly statements closely, urging them to report any suspicious activity to their card issuers. The cardholders are not responsible for unauthorized fraudulent charges made by third parties.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet