Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 20th, 2009

Malware Found In Heartland Bank Card Payment System

Heartland Payment Systems, a publicly traded company that provides bank card payment processing services to merchants in the U.S., has suffered a malware breach that may be linked to a “widespread global cyber fraud operation.”

The data breach could turn out to rival the massive breach reported by TJX in 2007, which affected as many as 94 million credit card accounts. Heartland handles 100 million transactions per month for more than 250,000 businesses. But the company isn’t yet ready to disclose the number of credit card accounts affected.

The breach was the result of keylogging malware, which covertly captures anything typed on an infected computer, such as user names and passwords. There were two elements to it, one of which was a keylogger that got through a firewall. Then subsequently it was able to propagate a sniffer onto some of the machines in our network. And those are what was actually grabbing the transactions as they floated over our network. A sniffer is similar in concept to a keylogger, but rather than merely capturing keystrokes, a sniffer captures entire data packets on a network.

In a statement, the company said its system used to process Visa, MasterCard, American Express and Discover Card transactions was breached last year but insists that customer and merchant data was not affected. According to Robert H.B. Baldwin, Jr., Heartland’s president and chief financial officer:

We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands. We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice.

No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland’s check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms.

After being alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland’s network.

Share this item with others:

More on CyberInsecure:
  • Forcht Bank Disables 8500 Debit Cards After Breach
  • Credit Cards Data Stolen In 1st Source Bank Intrusion
  • Scammers Scrape RAM For Bank Card Data
  • Spanish Payment Breach Prompts Huge German Card Recall
  • Identity Theft Scam In Lunardi’s Supermarket In Los Gatos

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Malware Found In Heartland Bank Card Payment System

    2 Responses to “Malware Found In Heartland Bank Card Payment System”

    1. Help me understand something…

      So ultimately was it a keylogger or SQL injection that delivered the sniffers that stole data from Heartland?

      I’m confused on what really happened. Early reports said keyloggers then it was later reported the attacked happened through SQL injection.

    2. CyberInsecure Says:
      September 4th, 2010 at 6:16 pm

      Malicious software, like keyloggers or sniffers, was installed by exploiting a vulnerability through SQL injection.

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.