PCI DSS Malware Breach - may be largest ever!
- By Ian Taylor
- Published 6/02/2009
Heartland Payment Systems, Inc. is a company that processes payroll and credit card payments for more than 250,000 businesses in the U.S. and Canada. Its customers include convenience stores and pay-at-the-pump service stations. Heartland is currently the 6th largest payment processing company in the US.

What happened?
It has been disclosed that Heartland Payment Systems' network was infected with malware, which led to the theft of credit card data. Heartland has not been able to determine the number of potential victims, but the company has revealed that it processes 100 million credit card transactions per month on behalf of its 250,000 merchant accounts.
On 29th January 2009 the law firm of Berger & Montague filed a class action suit on behalf of all the cardholders whose credit or debit card data was stolen from Heartland Payment Systems.
The lawsuit seeks redress for Heartland's failure to safeguard cardholder data.
Data thieves reportedly installed malicious software on Heartland's payment processing network as early as May 2008, meaning the malware may have been capturing card data in transit for several months before it was found.
Why didn’t they do anything?
We’re not sure, but they clearly didn’t understand the potential ramifications of a malware infection and didn’t have the proper malware detection tools. Visa and MasterCard notified Heartland of the potential malware infection sometime last fall, after noticing suspicious customer account activity stemming from transactions processed by Heartland. Despite Visa and MasterCard’s warnings last year, Heartland was unable to determine the source of the compromise (the malware) until sometime last week.
How many people did the breach affect?
The exact number of compromised accounts is currently unknown, though experts speculate that up to 100 million accounts could have been exposed, which would make the Heartland breach the largest disclosed to date.
What was the impact on Heartland Payment systems?
It seems Heartland did not appreciate the importance and value of comprehensive security monitoring. As a result, Heartland's corporate reputation is tarnished and the company will no doubt see lasting financial consequences. Heartland now faces the expense of clean-up and recovery, the damaging effects on its reputation, loss of confidence in its services and possible additional financial loss from legal action. The Heartland compromise also underscores how a malware infestation at one company can affect all of that company's customers, as well as its customers' customers: a single payment processor sits in the path of card data from hundreds of thousands of merchants, so one compromised network exposes cardholders who never dealt with Heartland directly.
What does the Heartland breach mean to me?
The Heartland breach is a textbook case study of the risk that today's malware poses to the enterprise and of the importance of comprehensive malware detection in today's business world. Had Heartland used a malware protection service that does not rely solely on signatures, it would very likely have detected the infection much earlier, rather than months after the card brands first raised the alarm. On average, 20% of malware detected is not detectable by signature-based methods at the time it is first encountered, and on some days the proportion caught only by zero-day (behaviour-based) detection is considerably higher. For example, on certain days in late March and again in late May, 85% of the malware detected was caught by zero-day detection rather than by a signature.
PCI DSS (Payment Card Industry Data Security Standard) is a worldwide security standard maintained by the Payment Card Industry Security Standards Council (PCI SSC). The PCI security standards are technical and operational requirements created to help organisations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organisations that store, process or transmit cardholder data, with additional guidance for software developers and manufacturers of the applications and devices used in those transactions. Any company that processes, stores or transmits cardholder data must be PCI DSS compliant. Bear in mind, though, that compliance is validated at a point in time and is a baseline, not a guarantee: the controls behind it (malware detection, log monitoring, network segmentation, regular testing) only protect you if they are kept running and acted upon every day.
To prevent your organisation becoming the next Heartland, contact one of our security specialists to talk about becoming and staying PCI DSS compliant.
Useful links for your compliance
Two Factor Authentication