Customers that contract with Heartland Payment Systems to process
retail and online payments likely are protected from a security breach
that some rank as one the largest recorded in history.
comes from an insider at New Jersey-based Heartland, who explains that
while hackers might have gleaned the credit card numbers of thousands
of cardholders, they did not get the names, addresses and CVV (card
verification value) numbers that accompany the cards and are required
to complete most transactions.
Heartland serves many small
businesses, including an undisclosed number of veterinary practices as
well as the Veterinary Information Network (VIN).
in close contact with Heartland to ensure we were doing all we could
and giving VINners the most accurate information available. Everything
we’ve learned gives us confidence that the risk to VIN members and to
their clients, if they use Heartland as the processor for their clinic,
is very low,” VIN founder Dr. Paul Pion says. “Although Heartland has
communicated to us that VISA and MasterCard have told them that because
the information 'stolen' was incomplete, notification of cardholders is
not necessary, our advise to VINners, as always, is to keep a close eye
on your credit card statements — and please don't hesitate to notify
VIN if anything suspicious appears. We will inform all VIN members if
any new information arises that changes our assessment of this
In a news release issued yesterday
announced it has formed an internal department dedicated to developing
additional protection measures for clients. Last Friday,
company founder and chief executive officer Robert Carr noted
other merchant data such as social security numbers, unencrypted
personal identification numbers and telephone numbers remain protected.
Carr characterizes the breach, covered last week
by The VIN News Service, as a “global
cyber-fraud operation.” The company reportedly is working with the
forensic auditors and the U.S. Secret Service, which investigates
payment and financial systems fraud.
Officials say Visa and
MasterCard alerted Heartland in late 2008 of “suspicious activity”
related to transactions at merchants that contracted with the company
to process payments. They discovered that “malicious
software” had compromised data that crossed Heartland’s network.
found evidence of an intrusion last week and immediately notified
federal law enforcement officials as well as the card brands,” explains
Robert H.B. Baldwin, Jr., Heartland’s chief financial officer and
president in a Jan. 20 statement
Since then, CEO Carr has put a
call out for industry adoption of improved safety standards for payment
security such as end-to-end encryption, a technology in development
that offers additional data protection.