Wall Street Journal technology section reports this morning in a story by Ben Worthen a record security breach of Heartland Payment Systems a company in Princeton New Jersey. It looks like the company’s web site runs on Windows servers.
A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported.
Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month.
The problem was discovered after fraudulent transactions were reported to Heartland by Visa and Master card. It appears that the breach was discovered by a forensic investigator who said that the malicious software was “light years more sophisticated” than other malevolent programs in existence today.
Heartland processes transactions for more than 250,000 customers and its not clear how many credit card numbers it has access to.
It just goes to show that as much of a pain security is and PCI compliance is just a tip of the iceberg necessary to keep the bad guys out.
For more interesting reading, and a list of the 2008 security breaches compiled by ITRC check out the company’s site or this 2008 security breach report (pdf).