Heartland Payment systems, which operate credit card transactions to several hundred of thousands of business across the country, revealed today that millions of credit cards transactions were compromised in what could be the biggest data breach ever recorded.
When the company started receiving fraudulent reports last year, “(The Company) called U.S. Secret Service and hired two breach forensics teams to investigate”, in an article posted on Washington Post’s Security Fix blog, “But Baldwin said it wasn’t until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company’s payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company’s retail clients.”
How their network was compromised is unclear, but “Baldwin said Heartland does not know how long the malicious software was in place, how it got there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.”
What’s wrong with this picture: This company received reports of fraud activity last year and they found the cause of it last week?