Security breach cost Heartland $12.6 million so far
Heartland Payment Systems Thursday reported that the security breach it disclosed earlier this year has cost the company about US$12.6 million so far, including legal costs and fines from MasterCard and Visa, which directly contributed to a $2.5 million loss for the quarter.
Heartland also detailed plans to protect its credit- and debit-card processing network with an end-to-end encryption system that it will begin rolling out with its merchants in the third quarter.
"We are in a cybercrime arms race," said Bob Carr, Heartland's chair and CEO, in explaining why Heartland intends to deploy the custom-built encryption equipment.
During the company's financial earnings call, Carr and other Heartland executives acknowledged the breach is proving a heavy financial burden and that there's no estimated total cost.
Heartland executives also strongly refuted MasterCard's assertion that Heartland did not respond quickly enough or appropriately to information it was given related to the breach. Without providing more detail, Heartland said it will contest MasterCard's assertions legally.
Heartland processes about 100 million card transactions each month, and it's not yet clear exactly how much fraud was committed when cyber-crooks tapped into Heartland's payment network. Visa and MasterCard, as well as some banks, have indicated fraud can be traced back to the Heartland breach
"Sniffers were put on the network by bad guys," said Carr in an interview this week with Network World, during which he described how cybercriminals were able to capture card information travelling in the clear between merchant point-of-sale devices and the processor's network.
At a meeting this week of the newly-formed Payments Processors Information Sharing Council, attended by about 30 industry participants, Heartland distributed on USB sticks some samples of the malware code it believes was used as part of the breach, in the hope this could help protect other companies.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data breach
Powered by TwitterOn Twitter now
data breach
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
