Princeton, NJ-based payments processor Heartland Payment Systems said today its processing system was the victim of a security breach last year but that no merchant data or cardholder Social Security numbers, personal identification numbers (PIN), addresses or telephone numbers were involved.
The company said it believes the breach has been contained, and that additionally none of Heartland’s check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms were breached.
“We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands,” said Robert H.B. Baldwin, Jr., Heartland’s president and CFO, in a statement. “We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.”
The company said it was alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions, and used forensic auditors to investigate. The investigation revealed malicious software that compromised data that crossed Heartland’s network, the company said.
Heartland said it took steps to further secure its systems, and plans to implement a next-generation program designed to flag network anomalies in real-time.
Heartland is advising cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers, and said information about the incident can be found at www.2008breach.com.