The largest credit card data breach ever?
Malicious software in the network of US payment processor Heartland leads to data on 100 million transactions being compromised.

US-based payments processor Heartland Payment Systems was the victim of a massive security breach, which could have exposed customer information associated with the 100 million transactions it handles each month.
Heartland found evidence of the intrusion last week, and notified law enforcement officials as well as the card brands involved. It said that the incident could have been the result of a widespread global fraud operation.
The only data compromised was names, card numbers and expiration dates as well as the information on the card's magnetic strip which could be used to duplicate cards.
Heartland was alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions. An investigation uncovered malicious software compromising data across Heartland's network.
Avivah Litan, analyst at Gartner, told the Wall Street Journal that this was the largest card-data breach ever, even beating the TJX credit card data theft last year.
Richard Wang, of SophosLabs US, said that it appeared the information stolen was enough to create fake cards.
He said on his company's blog: "Although addresses were not compromised by this breach, making card not present' fraud more difficult, this provides one more piece in the puzzle for anyone trying to assemble stolen identities."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"A name and card number from one breach could be used along with name and address from another source to build a more complete identity."
For anyone affected by the breach, more information is available on a specially-created website run by Heartland.
-
The IT industry’s shift to circular, low-carbon solutions
Maximize your hardware investment and reach your sustainability goals with HP’s Renew Solutions
-
Lenovo ThinkPad X9 14 Aura Edition review
Reviews This thin and light ultraportable will draw you in with its vibrant screen – but it isn't as powerful as some of its competitors
-
CISO job satisfaction is plummeting, and some are considering quitting altogether
News CISO job satisfaction is being plagued by mounting demands, poor c-suite collaboration, and stressful working patterns
-
The IT Pro Podcast: The front line of fraud tech
IT Pro Podcast With tools such as deepfakes, the future of fraud tech relies on cutting edge AI as much as good security practice
-
Podcast transcript: The front line of fraud tech
IT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
LAPSUS$ breached T-Mobile systems, stole source code
News T-Mobile has denied that the hackers obtained customer or government information
-
Exclusive: Former Shiseido staff say company was aware of data breach weeks before official notice
News Fake companies were created using the stolen identities of hundreds of Shiseido employees, former staff claim
-
What is smishing?
In-depth A closer look at one of the most perilous forms of phishing
-
SentiLink raises $70 million for its identity verification platform
News SentiLink’s ID Theft Score helps businesses combat synthetic fraud
-
The IT Pro Podcast: Navigating Brexit data transfers
IT Pro Podcast The transition period is over – what happens now?