IMGCAP(1)]
Heartland Payments Systems Inc. says hackers breached its processing network last year and captured the credit and debit card numbers and expiration dates of an undisclosed number of cards, the company announced today. Robert H.B. Baldwin Jr., Heartland president and chief financial officer, tells CardLine Baldwin identified the breach as a "sniffer" program that made it past the company's antivirus software. The "sniffer" program delivered the card data it collected to the fraudsters. "We moved quickly on this," Baldwin tells CardLine. "It is clear that card numbers and expiration dates were taken by the bad guys." In some cases, thieves stole cardholder names, Baldwin says. "We just don't know how many cards at this time," he says. In a statement, the company says the incident "may be the result of a widespread global cyberfraud operation," but Baldwin would not elaborate. Princeton, N.J.-based Heartland last week notified MasterCard Worldwide, Visa Inc., American Express Co., Discover Financial Services, the U.S. Secret Service and the U.S. Department of Justice of the breach after it found evidence of the malicious software, he says. MasterCard says it is monitoring the investigation into Heartland breach and is notifying issuers as necessary. Visa referred all inquires to Heartland. All of the transactions, which include an undetermined mix of card-present and card-not-present credit and debit transactions, were made in the United States. Hackers did not get merchant data, Social Security numbers, unencrypted personal identification numbers, addresses or telephone numbers, Baldwin says. The breach did not involve Heartland's check-management systems, Canadian payment services, payroll cards, campus products or micropayment operations, the company says. It also did not affect the company's Give Something Back charitable-donation service or its Network Services and Chockstone processing systems. Heartland says the company used forensic investigation auditors to identify the breach so the hackers access could be ended.
