Summary: From The New York Times:
Credit Card Processor Says Some Data Was Stolen
January 21, 2009
By ERIC DASH and BRAD STONE
Heartland Payment Systems, a major payment processing company, disclosed a
data breach on Monday that potentially exposed tens of millions of credit and
debit cardholders to the risk of fraud in what could quickly become one of the
country's biggest data compromises.
Robert H. B. Baldwin Jr., Heartland's president and chief financial officer,
said that his company believed the card numbers, expiration dates, and in
some cases cardholder names were exposed after attacks on its computer
systems at the one point where data had been unencrypted.
Once consumers swiped their cards, so-called sniffer software captured that data
as Heartland sought authorization from the major payment companies and
banks. Customers of Visa, MasterCard, American Express and Discover
Financial were all vulnerable.
"We have industry-leading encryption, but the data has to be unencrypted
to request the information," Mr. Baldwin said. "The sniffer was able to grab
that authorization data at that point."