Hackers attack credit card processor in massive security breach
Last Updated: Wednesday, January 21, 2009 | 9:41 AM ET
CBC News
Related
Internal Links
Video
- Ron Charles reports: Hackers attack credit card processor in massive security breach (Runs: 2:23)
- Play: QuickTime »
- Play: Real Media »
- Louise Martin reports: Hackers attack credit card processor in massive security breach (Runs: 2:36)
- Play: QuickTime »
- Play: Real Media »
A U.S.-based company that processes credit card transactions for more than 250,000 businesses has uncovered a massive security breach, officials said Tuesday.
New Jersey-based Heartland Payment Systems said malicious software in its processing system was uncovered last week.
Canadian merchants were not believed to be affected, although consumers who may have travelled to the U.S. and used a Visa or MasterCard credit card are advised to check their credit card statements for any irregularities.
"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," Robert H.B. Baldwin Jr., Heartland's president and chief financial officer, said in a release.
"We understand that this incident may be the result of a widespread global cyber fraud operation, and we are co-operating closely with the United States Secret Service and Department of Justice."
The company said the breach did not affect merchant data, social security numbers, unencrypted personal identification numbers, addresses or telephone numbers.
CBC News' Marivel Taruc, who spoke with Baldwin, said authorities suspect Heartland may not be the only company to have been hacked in this operation. Authorities suspect the extent of the breach could be among the largest ever committed.
"The other concern here [is] cyber experts are saying this could be the biggest breach of credit card fraud online ever … because Heartland processes 100 million transactions every month," Taruc said.
The largest online data breach — in which more than 94 million credit and debit cards were exposed — was committed in January 2007 against the TJX Cos.
A probe by the privacy commissioner's office found the Massachusetts-based parent company of Winners and HomeSense collected too much information, kept the data for too long and relied on weak WEP encryption technology to protect its wireless local networks.
The privacy commissioner also found the hackers did not use sophisticated equipment to break into the computer system.
Share Tools
Top News Headlines
- NDP wants RCMP inquiry into $90K payment to Duffy
- The NDP has asked the RCMP to launch an investigation into the $90,000 payment from the prime minister's former top aide, Nigel Wright, to Senator Mike Duffy in relation to the Senate expense scandal. more »
- Will alleged Rob Ford video overshadow Toronto casino debate?
- A debate about a proposed downtown casino is supposed to take centre stage at Toronto City Hall on Tuesday, but it seems a safe bet that a still-unseen video of Mayor Rob Ford will continue to be a topic of conversation. more »
- Canadian on EI shut out amid foreign worker influx
- A jobless Canadian IT professional who is collecting employment insurance is upset because he now suspects several recent jobs he applied for went to temporary foreign workers. more »
- Baseball fuels dreams, desperation in Dominican Republic
- The Toronto Blue Jays have a number of stars from the Dominican Republic, but in the shadow of these successful players is an equally important story about hope and poverty, and a country desperately struggling to balance the two. more »
Must Watch
- 51 dead after tornado levels Oklahoma suburbs
- Edmonton driver, 62, charged in boy's patio death
- Unknown remains found on Dellen Millard's farm
- Will alleged Rob Ford video overshadow Toronto casino debate?
- Netflix and the rise of binge TV watching
- B.C. man feared kidnapped in Mexico
- Ray Manzarek of The Doors dies at 74
- Canadian on EI shut out amid foreign worker influx
- Central Newfoundland digs out from freak snowfall
