Heartland Hacking Could Affect 100 Million
Despite compliance with security standards, card processing company Heartland Payment Systems announced a record-breaking security breach in a news story that broke Jan. 21. The company services 175,000 merchants amounting to some 100 million cards, according to company records.
Prior to the breach, the Jefferson, IN-based company had accurately followed Payment Card Industry (PCI) security standards, according to representatives, and had employed strong encryption to thwart potential hackers.
Nevertheless, attackers managed to slip past Heartland’s computer security stops, possibly slipping by before the encryption was put in place, reporters say. (A full story can be found here.)
Breaking Records…the Hard Way
Observers say this is the first major breach of 2009 and may surpass previous records as far as the number of people it ultimately affects and/or total potential losses.
Less than on month into the new year, experts note that the last similar crime to approach this magnitude occurred in 2007, when TJX–owner of such store chains as T.J. Maxx and Marshalls–was hacked to the tune of 94 million customer records.
A Group is Suspected
Officials have also stated they believe the Heartland computer breach to be the work of a group of computer hackers rather than just one individual.
What’s more, the Heartland hackers may be part of an even larger circle of security breach criminals.
Robert Baldwin, president and CFO of Heartland, told reporters, “Our discussions with the Secret Service and Department of Justice give us a pretty good indication that this is part of a group that appears to have done security breaches at other financial institutions,” adding, “This is a sophisticated attack.”
Conspiracy to Hack
The crime is believed to have been thought out well in advance and carefully planned, with some indications that the hacking may have begun as early as May of last year.
Noting that standard security measures aren’t infallible, Chris King of firewall company Palo Alto Networks, commented, “Most security technologies in use today are about looking for the explicitly…bad. And that leaves a lot of room for error.”
Combined Efforts are the Best Protection
It’s hard to say what might have kept such a devastating breach from happening. But the fact remains that the more companies–and individuals–are watching their accounts, the less likely a similar crime is to happen.
Companies, employees and consumers alike may wish to look into anti-security and ID theft measures, such as “watchdog” monitoring services. If any suspicious activity is detected, no matter how small, chances for capturing the thief or preventing the theft entirely are increased.
In the meantime, as 2009 unfolds, companies continue to employ measures to try to thwart hackers who see a good thing. With a combined effort task force in any given company or institution, the hope is that the year will end up on a much higher note than the one on which it has begun.
February 10th, 2009 at 6:19 pm
[...] theft of files as was witnessed in the breaking into of a potential 100 million customer cards of Heartland Payment Systems in January and the hacking of Microsoft’s Internet Explorer last [...]