Tuesday, January 20, 2009

Spyware Driven Credit Card Breach May Affect 100 Million

The Washington Post, via the Consumerist reports that up to 100 million credit card numbers, expiration dates, and names may have been exposed by a breach at Heartland Payment Systems. Heartland processes payments for over 250,000 businesses, many of which are small and mid-size restaurants.

The breach was caused by "A piece of malicious software planted on the company's payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company's retail clients."

Heartland will not be offering identity theft prevention according to the Post's interview:

"Identity theft protection is appropriate when there is enough personal information lost that identity theft is possible," he said. "In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible. At the same time, we recognize and feel badly about the inconvenience this is going to cause consumers."
The Post also notes that announcing on inauguration day is a clever, non-5PM on a Friday method of burying the announcement. We'll have to see how this one shapes up!

No comments: