Heartland Payment Systems may now hold the dubious distinction of “largest security breach ever” in the wake of a hack that may have been sniffing card numbers, expiration dates and track data off the processor's network from as early as May until last month. The number of cards compromised is still a matter of conjecture—the biggest guesstimate has been about 100 million, but Heartland CEO Robert Carr is scolding those who jump to that concusion.
Beyond the hyperbole is the alarming truth that, yet again, the compromise took place on the target's internal system, just as it did in the TJX, Hannaford, and CardsSystems cases. And again, it wasn't discovered by the processors, but rather detected by Mastercard and Visa when they sniffed out fradulent transactions. Michael Santarcangelo in Computerworld keys in on this, noting, “The breach disclosure from Heartland provides more evidence that breaches are symptoms; focus must be placed on understanding and addressing root causes.”