Security breach cost Heartland $12.6 million so far
Heartland Payment Systems Thursday reported that the security breach it disclosed earlier this year has cost the company about US$12.6 million so far, including legal costs and fines from MasterCard and Visa, which directly contributed to a $2.5 million loss for the quarter.
Heartland also detailed plans to protect its credit- and debit-card processing network with an end-to-end encryption system that it will begin rolling out with its merchants in the third quarter.
"We are in a cybercrime arms race," said Bob Carr, Heartland's chair and CEO, in explaining why Heartland intends to deploy the custom-built encryption equipment.
During the company's financial earnings call, Carr and other Heartland executives acknowledged the breach is proving a heavy financial burden and that there's no estimated total cost.
Heartland executives also strongly refuted MasterCard's assertion that Heartland did not respond quickly enough or appropriately to information it was given related to the breach. Without providing more detail, Heartland said it will contest MasterCard's assertions legally.
Heartland processes about 100 million card transactions each month, and it's not yet clear exactly how much fraud was committed when cyber-crooks tapped into Heartland's payment network. Visa and MasterCard, as well as some banks, have indicated fraud can be traced back to the Heartland breach
"Sniffers were put on the network by bad guys," said Carr in an interview this week with Network World, during which he described how cybercriminals were able to capture card information travelling in the clear between merchant point-of-sale devices and the processor's network.
At a meeting this week of the newly-formed Payments Processors Information Sharing Council, attended by about 30 industry participants, Heartland distributed on USB sticks some samples of the malware code it believes was used as part of the breach, in the hope this could help protect other companies.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data breach
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
