Malware Found In Heartland Bank Card Payment System
Heartland Payment Systems, a publicly traded company that provides bank card payment processing services to merchants in the U.S., has suffered a malware breach that may be linked to a “widespread global cyber fraud operation.”
The data breach could turn out to rival the massive breach reported by TJX in 2007, which affected as many as 94 million credit card accounts. Heartland handles 100 million transactions per month for more than 250,000 businesses. But the company isn’t yet ready to disclose the number of credit card accounts affected.
The breach was the result of keylogging malware, which covertly captures anything typed on an infected computer, such as user names and passwords. There were two elements to it, one of which was a keylogger that got through a firewall. Then subsequently it was able to propagate a sniffer onto some of the machines in our network. And those are what was actually grabbing the transactions as they floated over our network. A sniffer is similar in concept to a keylogger, but rather than merely capturing keystrokes, a sniffer captures entire data packets on a network.
In a statement, the company said its system used to process Visa, MasterCard, American Express and Discover Card transactions was breached last year but insists that customer and merchant data was not affected. According to Robert H.B. Baldwin, Jr., Heartland’s president and chief financial officer:
We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands. We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.
No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland’s check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms.
After being alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland’s network.
More on CyberInsecure:
September 3rd, 2010 at 9:48 am
Help me understand something…
So ultimately was it a keylogger or SQL injection that delivered the sniffers that stole data from Heartland?
I’m confused on what really happened. Early reports said keyloggers then it was later reported the attacked happened through SQL injection.
September 4th, 2010 at 6:16 pm
Malicious software, like keyloggers or sniffers, was installed by exploiting a vulnerability through SQL injection.