Massive Theft of Credit Card Numbers Reported

Erik Larkin

Jan 21, 2009 3:02 am

A payment processor responsible for handling about 100 million credit card transactions every month today disclosed that thieves had used malicious software in its network in 2008 to steal an unknown number of credit card numbers.

The company's information on the incident site, http://2008breach.com/, attempts to downplay the loss of data by asserting that no Social Security numbers, unencrypted PINs or other types of data were stolen. But according to some good reporting from Brian Krebs at the Washington Post, Heartland's CEO says a piece of spyware stole payment card data as it passed through the company network, including the data from the magnetic stripe that can be used to create counterfeit cards.

Heartland says it did not discover until the Breach Visa and Mastercard came knocking about Suspicious activity involving card numbers processed by Heartland. Disheartening, to say the least.

It's all the more sad that we as consumers really can not do a darn thing to protect ourselves against this kind of theft. We can be incredibly careful with our own PC and data, but we have no control over how it's handled by the plethora of companies that store and process our information. All you can do is to keep an extra close eye on your credit card statements and credit reports for anything Hound.

You can pick up free credit reports from https: / / www.annualcreditreport.com (slimy avoid those sites that try to get you to pay for them). Also, as you scan your credit card statements, be on the lookout for even small charges, possibly even less than a dollar. Such charges can be a sign that thieves are testing the account to see if they can pass a fradulent charge, and may signal a much larger charge to come.

For more info on the Heartland theft, see Krebs' Security Fix post and the Heartland disclosure site. And yes, you have to wonder about disclosing this on a day when most everyone's attention is focused elsewhere.

Pcworld