Heartland Payment Systems is a nationwide company that is responsible for processing millions of payments a day, ranging from credit/debit cards to payroll and checks. Heartland caters to a variety of industries, such as the restaurant industry, lodging and hospitality, university campuses, the retail industry, and many more. Heartland allows these companies to provide their customers with the best possible business solutions at their convenience. Heartland helps companies navigate the complexities of payment transactions so they can focus on running a successful business and not have to worry about the issues and problems that can arise.
Unfortunately, Heartland had a recent security breach in 2008, which was officially disclosed to the public on January 20, 2009. The data breach could possibly be one of the largest ever reported, as Heartland is responsible for more than 250,000 businesses and is estimated to handle over 100 million transactions a month. No one knows how many businesses or cards were affected because Heartland has not yet released that information, but my guess is that a majority of Heartland's customers, if not all, were exposed and someone now has all their information. It was a couple of months before anybody even noticed that some kind of malicious software had been planted in the company's payment processing network, so I'm sure the perpetrator got more than enough credit card information.
According to Heartland's President and CFO, Robert Baldwin, the exposed data consisted of names, credit and debit card numbers, and expiration dates. The exposed data did not include cardholder Social Security numbers, PIN numbers, addresses, or telephone numbers, but when you think about it, if you have someone's credit card information and name, then you could easily find out their address and telephone number. And I am sure that the people behind this breach can easily obtain their socials with the information they have and their extensive computer knowledge. The data stolen was information encoded on the magnetic stripes on the back of debit/credit cards, which gives the perpetrators the ability to forge counterfeit cards by imprinting that same information on a fake card. Apparently, according to a breach forensic team and the U.S. Secret Service, the malicious software was some type of keylogger malware, which captures and records keystrokes on a computer, such as names and passwords. Once the keylogger malware penetrated the system's firewall, it sent out something called a sniffer, which captures not only keystrokes but entire data packets passing over their digital network.
Just researching keyloggers on Google, it seems as if they are not hard to purchase, and apparently they are widely available on the Internet. You can purchase keyboards that have the system set up already, or purchase the part and software to install in the keyboard, so anyone could be capable of pulling off a security breach. Whether or not this person was an insider, I'm not really sure; anyone with access to Heartland's facilities could have planted the device. It only takes a few seconds to do. A vendor could be responsible, or maybe a disgruntled employee looking for revenge. I think that social engineering could have played a part in the security breach, but at the same time, if it was an inside job, then there would be no need to trick or manipulate that person into giving you valuable information because you have access to the building and the computers. Maybe you don't have access to the specific department or network where the malware was originally found, so social engineering might have been used in that case.
This is a very unfortunate event that occurred to Heartland Payment Systems, but at the same time it is a huge wake-up call that could eventually benefit the company in the future. Since the finding of the data breach, Heartland has made an attempt to safeguard against further data breaches by implementing encryption to protect data passing over the network, and has reached out to other merchants and companies to inform them of the data breach and what they are doing to prevent it from happening again. Over 400 new clients have joined Heartland Payment Systems since the breach, so obviously Heartland Systems is taking the necessary steps to ensure their customers' trust and safety.
Thursday, February 5, 2009