Wednesday, January 21, 2009

Possibly the Biggest Credit Data Breach Ever?

A global cyber fraud operation is thought to be behind what may be the biggest credit data breach ever reported, eclipsing the 2007 TJX breach that compromised the data of 45 million customers.

The breach occurred on the internal computer network of Heartland Payment Systems, a major payment processing company that processes 100 million transactions each month from about 250,000 businesses nationwide.

How did this happen?
After a customer swipes a credit or debit card, the information is then transmitted to obtain authorization from a bank or payment company. During this brief transmission, the data is unencrypted. "Sniffer" software, which may have been installed on Heartland's network as far back as May 2008, captured card numbers, expiration dates, and some cardholder names and internal bank codes during this authorization period. Personal security codes are not believed to have been compromised.
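The exposure described above is card data crossing an internal network in the clear. The following Python example is added here for illustration and is not from the original post or from Heartland: it shows a check a defender can run over internal message payloads to flag unencrypted card numbers, using the Luhn checksum to discard look-alike digit runs. The message layout, field names and sample values are constructed assumptions.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_cleartext_pans(payload: bytes):
    """Return (offset, masked_pan) for each Luhn-valid card number in payload."""
    hits = []
    for m in PAN_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_ok(digits):
            # Report only first six and last four digits so the audit
            # output does not itself become a store of card numbers.
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            hits.append((m.start(), masked))
    return hits

def audit(messages):
    """Return (message_index, offset, masked_pan) for every cleartext hit."""
    return [(i, off, pan) for i, msg in enumerate(messages)
            for off, pan in find_cleartext_pans(msg)]

# Constructed sample payloads (hypothetical format, well-known test card number).
SAMPLE_MESSAGES = [
    b"AUTHREQ pan=4111111111111111 exp=0912 amt=23.50",  # cleartext card number
    b"AUTHREQ pan_enc=9c1f0a77e2b4 amt=23.50",           # encrypted field
    b"ORDER ref=1234567890123456 status=shipped",        # 16 digits, fails Luhn
]

if __name__ == "__main__":
    for idx, offset, pan in audit(SAMPLE_MESSAGES):
        print(f"message {idx}: cleartext card number {pan} at byte {offset}")
```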

What credit and debit cards are impacted?
Visa, MasterCard, Discover and American Express customers are vulnerable.

How many people could be affected?
An exact number of compromised customers is not available; however, according to a report in the New York Times, 600 million or more cardholders might be affected.

When was this breach discovered?
The breach was discovered last week by a forensic investigator following inquiries from Visa and MasterCard about suspicious activity surrounding processed card transactions.

What remedies do customers have?
Heartland has set up a Web site to provide updates to customers about the incident: www.2008breach.com. Cardholders are not responsible for unauthorized fraudulent charges made by third parties. The United States Secret Service and the Department of Justice are actively involved

Please review your credit card statements carefully each month for any charges that you don't recognize.