US-based payments processor Heartland Payment Systems was the victim of a massive security breach, which could have exposed customer information associated with the 100 million transactions it handles each month.
Heartland found evidence of the intrusion last week, and notified law enforcement officials as well as the card brands involved. It said that the incident could have been the result of a widespread global fraud operation.
The only data compromised was names, card numbers and expiration dates as well as the information on the card's magnetic strip which could be used to duplicate cards.
Heartland was alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions. An investigation uncovered malicious software compromising data across Heartland's network.
Avivah Litan, analyst at Gartner, told the Wall Street Journal that this was the largest card-data breach ever, even beating the TJX credit card data theft last year.
Richard Wang, of SophosLabs US, said that it appeared the information stolen was enough to create fake cards.
He said on his company's blog: "Although addresses were not compromised by this breach, making card not present' fraud more difficult, this provides one more piece in the puzzle for anyone trying to assemble stolen identities."
"A name and card number from one breach could be used along with name and address from another source to build a more complete identity."
For anyone affected by the breach, more information is available on a specially-created website run by Heartland.
