100 Million Credit Cards Stolen in Largest Cyber Crime Ever

If you are a small company that needs to process credit card payments, you probably can’t afford an expensive solution and high processing fees.  Most small customers go with a tailored service that understands small business needs, and one of the best companies working with small businesses is Heartland Payment Systems.  Chances are, if you use your credit card at such places as pay-at-the-pump gas stations, parking lots, retail, restaurant, school campuses, hospitality and community banks, then Heartland may be the backend processor of your credit transactions.

And that is what makes the latest reported breach yesterday such a big story.  Some type of spyware or malware program had been installed on the internal network of Heartland and they suspect that it may have siphoned off the details of 100 Million credit card transactions.

Brian Krebs of the Washington Post broke the story here.

Heartland, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments.

40 percent of transactions the company processes are from small to mid-sized restaurants across the country.

Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. It wasn’t until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company’s payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company’s retail clients.

Heartland does not know how long the malicious software was in place, how it got there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.

The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions a month,” Heartland said.

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

In many cases where a processor experiences a breach, the affected banks may simply re-issue new cards to some customers. In other cases, consumers may spot the first signs of fraudulent activity by reviewing their bank statements.

So keep an eye on your credit card statements.  If you notice something fishy, report it immediately and get a new card.