Information on Merchant Accounts,
Ecommerce and Credit Card Processing

January 20th, 2009 by Jamie Estep

Heartland Suffers Massive Data Breach – update

Filed in: Industry News, Merchant Accounts | 2 comments

Heartland payment systems today has been reported to have been victim to one of the largest credit card data breaches in history.

Heartland discovered malicious software that was recording credit card information as it was being sent to heartland for processing. Heartland processes roughly 100 millions transactions per month, for 250,000 US businesses.

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

Right now it is currently unknown how much data has been collected, how/if it has been used, or how long the malicious software was recording information. The current largest data breach in history was about 45 million card number by TJX (TJ Max and Marshals) which cost the retailer almost $2 Billion dollars. Depending on how much data was lost, this breach could surpass the cost of the TJX breach.

I’ve been reading comments on various blogs and new sites on the internet and so far there is a lot of backlash and anger from consumers and businesses. We’ll see in the near future how this breach will affect Heartland, but it seems safe to assume that this will be an extremely costly event for one of America’s largest ISO’s.


The software on the Heartland’s network was installed as early as May. Based on the volume of transactions, as many as 600 million card numbers were potentially vulnerable, although the actual number stolen was likely less than this. With that sort of exposure, and the sheer number of merchants that process with heartland, it’s not impossible that every single card holder in the US was exposed in this data breach.

2 Responses to “Heartland Suffers Massive Data Breach – update”

  1. Dave Bergert January 20, 2009 at 10:59 pm

    The 2 Billion estimate is pretty exaggerated See:
    True Cost Of Data Breaches Much Less Than Thought:

  2. jestep January 21, 2009 at 10:14 am

    Thanks for the article. I’ve read all the way up to $600 per card lost before. It’s always interesting to see how stats (which should be fact) differ depending on who’s presenting them.