Yesterday during the biggest day in America's history, Heartland Payment System finally revealed that it's systems were compromised by hackers in late May of 2008. Speculation around the blogosphere is that the company waited until all eyes were on television sets around the world to announce the news. Heartland Payment System is a New Jersey, NY based company that handles an estimated 100 million transactions a month, serving over 250,000 customers.
President and Chief Financial Officer, Robert Baldwin, told the Washington Post that at this point the company has no idea how long the malicious software was in place or how it got there. The data that has been compromised includes names, credit and debit card numbers, and expiration dates. However according to the company no social security numbers, personal identification numbers (PIN), addresses, or telephone numbers have been compromised. This leaves the hackers very limited as to what they can do with the compromised information.
"Identity theft protection is appropriate when there is enough personal information lost that identity theft is possible," Baldwin said. "In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible. At the same time, we recognize and feel badly about the inconvenience this is going to cause consumers."
The company immediately launched 2008breach.com alerting customers of the attack, and has advised that anyone who has used Heartland Payment Systems to immediately look at their monthly credit card statement and immediately report any suspicious activity to their card holders. Analysts around the world are reporting that this could and is the biggest data breach in history, even bigger than the TJX incident.