Lessons from the Data Breach at Heartland How a top payments processor responded to the largest-ever criminal pilfering of credit-card data, and what other companies can learn from it
By Rachael King July 6, 2009, 3:33PM EST
Robert Carr was settling in for the evening in a New York hotel on Jan. 12 this year when at 10:30 p.m. he got a phone call that every financial services executive dreads. Carr, CEO of Heartland Payment Systems (HPY), learned that intruders might have hacked into the company's computer network.
The next morning, his fears were confirmed. For a period starting in May 2008, cybercriminals had burrowed deeply into Heartland's network and recorded consumers' credit- and debit-card data. "That's the worst thing that can happen to a payments company and it happened to us," says Carr.
Heartland, the fifth-biggest payments processor in the U.S., had suffered what within days would be called the largest-ever criminal breach of card data. Security experts estimate that as many as 100 million cards issued by more than 650 financial services companies may have been compromised. Heartland faces class actions and inquiries by federal regulators over the matter.
...