Up to 100m transactions at risk after 'potentially huge' data breach

22 January 2009

Details of up to 100 million card transactions could have been intercepted by criminals after they secretly installed spyware on the computer network of the sixth biggest payments processor in the United States.

Heartland Payment Systems said it discovered the security breach last year when malicious code was detected in software that handles transactions for around 175,000 of the 250,000 retailers and merchants it works with, the Associated Press reports.

The company added that it is impossible to say how many cards were affected by the breach because the spyware captured data as it was transferred, unencrypted, across its network.

In a statement, Heartland confirmed the security loophole has been closed, but the Associated Press said it already faces the likelihood of "big penalties" from reimbursing banks for the cost of replacing compromised cards.

Some analysts told the news service that the reputational damage caused by such a potentially large breach could even threaten the future of the company.

In 2005, another payments processor - CardSystems Solutions - collapsed after data on 40 million credit card accounts was compromised and many of the big card brands stopped doing business with the firm.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development