true 12 false false 1518 true 130000000 471 2009-12-10T09:34:05-06:00 190 Hack CCN Tue Jan 20 00:00:00 -0600 2009 Organization reports incident Tue Jan 27 00:00:00 -0600 2009 Lawsuit filed Mon Jan 12 00:00:00 -0600 2009 Incident discovered by organization Sun Aug 16 00:00:00 -0500 2009 Arrest made Outside 1 --- companies_acquired: [] net_income: [] name: Heartland Payment Systems subsidiary_companies: [] ticker_symbol: - ticker_symbol: HPY stock_exchange: NYSE market_capitalization: - amount: 1000000000.0 currency: - name: US$ valid_date: "2007-12-31" board_members: - title: from: member: Richard Vague to: - title: from: member: Scott L Bok to: - title: from: member: Jonathan J Palmer to: - title: from: member: Mitchell L Hollin to: - title: from: member: Marc Ostro to: - title: from: member: George F Raymond to: - title: from: member: Robert H Niehaus to: type: /business/company operating_income: - amount: 88200000.0 currency: - name: US$ valid_date: "2006-12-31" number_of_employees: [] revenue: - amount: 1097000000.0 currency: - name: US$ valid_date: "2006-12-31" Heartland Payment Systems, Inc. (NYSE: HPY) is a payroll service provider and the 6th largest credit card processor in the United States specializing in small to mid-sized restaurants and retail merchants. Founded by Robert O. Carr in 1997, HPS is based in Princeton, New Jersey. In processes transactions for more than 250,000 business locations in the United States., totaling about 100 million transactions each month. About forty percent are for small to mid-sized restaurants. On January 20, 2009, during the inauguration of Barack Obama, HPS announced that it had been "the victim of a security breach within its processing system in 2008", involving "malicious software that compromised data that crossed Heartland's network". Robert Baldwin, Heartland's president and chief financial officer,... Heartland Payment Systems 1459 Heartland Payment Systems HPY 2009-02-19T13:53:09-06:00

Malicious Software/Hack compromises unknown number of credit cards at fifth largest credit card processor

Washington Post is saying 100,000,000 cards, see the washington post reference. Tue Jan 20 14:04:39 -0600 2009 This breach is most likely WELL over 100mill. Heartland does 100mill or more PER MONTH. I would estimate 5-700 mill. Tue Jan 20 17:07:49 -0600 2009 The PSP in this case is of course PCI compliant? Not! If they were Tripwire (or similiar) and malware should have been installed as standard and would have potentially protected against this....... Wed Jan 21 05:19:35 -0600 2009 Actually, they were PCI compliant as of April 2008. Thu Jan 22 11:26:01 -0600 2009 http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf Service Provider: Heartland Payment Systems Validation Date: April 30, 2008 Services Covered by Review: Payment Processing Assessor: Trustwave Fri Jan 23 04:35:43 -0600 2009 "No confidential merchant data, Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were retrieved in what is believed to be a global cyber-fraud operation. Heartland does not yet know how many card numbers were obtained." http://www.snl.com/irweblinkx/file.aspx?IID=4094417&FID=7249269 Fri Jan 23 12:42:47 -0600 2009 An OSF staff member mailed the PCI-DSS contact for Trustwave asking for public comment. Sat Jan 24 04:32:21 -0600 2009 Suspect supposedly pinpointed per http://www.storefrontbacktalk.com/securityfraud/feds-identify-overseas-suspect-in-heartland-case/ Sat Jan 24 13:13:55 -0600 2009 Lawsuit filed : http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1346268,00.html Wed Jan 28 14:06:25 -0600 2009 I received a new discover card this week. The account number did not change, but the expiration and validation code on the back changed. When I called Discover to activate the card I ask why the change and he acknowledge it was due to the Heartland compromise. Fri Jan 30 17:01:10 -0600 2009 I've been watching this one since it happened in January. I just now (May 11th) got notified by Suntrust that my card may have been compromised in this breach. 4 months to notify me? They've got to be kidding. Mon May 11 18:17:18 -0500 2009 In a recent update Heartland Payment Systems announced today (January 8, 2010) that it will pay Visa-branded credit and debit card issuers up to $60 million to cover losses incurred from the Heartland data breach. http://www.bankinfosecurity.com/articles.php?art_id=2054&rf=010910eb Mon Jan 11 04:16:10 -0600 2010

90 Nassau St, Princeton, NJ 08542, USA

90 Nassau St Princeton Mercer NJ 08542 US 40.3499 -74.66 8