On what many Americans consider a day of change, here we go again with more of the same: a massive data breach involving Heartland Payment Systems, a credit card payment processor, that was announced on Tuesday.
First, the good news: no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Neither was any check processing data.
Now for the bad news: since they were alerted to suspicious activity by Visa and MasterCard, tens of millions of credit and debit card numbers or transactions may have been affected.
In a press release
Robert H.B. Baldwin, Jr., Heartland's president and chief financial officer says:
"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands. We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."
Heartland has created a website, www.2008breach.com
, to provide information about the breach. However, right now all it has is the press release.
It would be smart for people to monitor that site and to watch their credit card statements. As Baldwin told the Washington Post
"The transactional data crossing our platform, in terms of magnitude... is about 100 million transactions a month. At this point, though, we don't know the magnitude of what was grabbed."
Not too encouraging.