Did Windows Fail Again?
A payment processor responsible for handling about 100 million credit card transactions every month disclosed today that thieves had used malicious software in its network in 2008 to steal an unknown number of credit card numbers.
The company’s information site on the incident, attempts to downplay the loss of data by asserting that no Social Security numbers, unencrypted PINs or other types of data were stolen. But according to some good reporting from Brian Krebs at the Washington Post, Heartland’s CEO says a piece of spyware stole payment card data as it passed through the company network, including the data from the magnetic stripe that can be used to create counterfeit cards.
Heartland says it didn’t discover the breach until Visa and Mastercard came knocking about suspicious activity involving card numbers processed by Heartland. Disheartening, to say the least.