Company executives at Heartland Payment Systems, a credit card processing company based in Princeton, N.J., said that they suspected the attack was launched by members of an organized international cybercrime ring.
Heartland executives first learned of the security breach in October 2008, when credit card companies Visa and MasterCard alerted them to suspicious activity processing card transactions.
Heartland Payment Systems issued a press release officially announcing the breach on Tuesday, Jan. 20, the day of Barack Obama's Presidential inauguration.
Heartland President and Chief Financial Officer Robert Baldwin Jr. said in the written statement that the company "immediately notified federal law enforcement officials as well as the card brands" upon learning of the breach. Baldwin said that Heartland was "cooperating closely" with officials from the U.S. Secret Service and Department of Justice, who assisted in the investigation, along with several forensic auditors enlisted by the company.
Baldwin said that the security breach might have been the result of a widespread global cyberfraud operation after the investigation revealed last week that malicious information-stealing software might have exposed copious amounts of data in Heartland's network.
While Heartland has not yet disclosed the exact number of compromised accounts, experts estimate that the number could well exceed 100 million, making the incident the largest security breach in history.
"Most of these companies don't even know they're being hacked," said Mandeep Khera, chief marketing officer for application security and risk management consulting company Cenzic, based in Santa Clara, Calif. "They would never have caught this problem if Visa and MasterCard didn't notice something fishy on the transactions."
Following the investigation, Heartland execs said that they took additional mitigating steps to secure the company's systems, which include a plan to implement a program to alert users of malicious threats attacking the network in real time.
"It's not about preventing (security breaches) per se, but detecting them as quickly as possible," said Eric Skinner, CTO of Addison, Texas-based Entrust, which specializes in digital certification and data protection.
Heartland also created a Web site -- 2008breach.com -- dedicated to providing information about the security incident. On its site, Heartland advised users to closely monitor monthly credit card and bank statements, and to immediately report any suspicious activity to appropriate authorities.
Some experts say that this latest security attack represents the "tip of the iceberg," possibly indicating a trend of more undetected attacks on slightly smaller companies with vulnerable networks.
"(Hackers) are going midsize to larger size right now. Obviously the small retailers and Web sites aren't secure at all. But most of the midsize and large corporations are also not secure," said Khera, adding that there likely wouldn't be many large-scale attacks like the Heartland breach simply because of the size and scope of the undertaking.
"It obviously takes more planning. At the same time, you'll see a few large ones but hundreds of other midsize data breaches. That's the weakest link," he said.
Meanwhile, Skinner said the incident could be due to corporate insider threats, in which an individual accesses the company's network or data systems for illegitimate purposes from within the company.
In light of the enormous amount of data lost because of the Heartland breach, Skinner said that corporations will likely start to adopt data loss prevention technologies that encrypt internal communications within the network.
"What you're seeing here is the weakest link in the chain. Heartland locked down their external communications very well and someone went after them on the inside," Skinner said. "We just have to keep on learning from these incidents and react accordingly."