Intruders hack payment company

By Lindsay Cohen email

WEST PALM BEACH, FL (WFLX) -- As if the faltering economy weren't enough, you can now add the potential of massive credit and debit card fraud to the list.

Hackers have made their way into databases at Heartland Payment Systems in Princeton, NJ, the company reports. Heartland handles accounts for nearly a quarter-million merchants and processed about 100 million transactions each month in 2008, although the company says it is still not sure how many credit card accounts may be impacted.

"It could be the largest breach ever," said cyber law attorney Andrew DeVore. "It will dwarf the largest prior breach."

The largest breach to date was in 2007, after hackers made their way into information at TJX Companies, which owns retailers TJ Maxx and Marshalls. An estimated 45 million credit and debit card accounts were impacted.

Heartland believes the breach is part of a global cyber-fraud operation, and says that that no confidential merchant data, social security numbers, or customer addresses or telephone numbers were violated.

"Our energized organization called on the owners of more than 150,000 business locations these past three days to help them understand the breach and what it means to them," said Robert O. Carr, Heartland's chairman and chief executive officer, in a statement. "I couldn't be prouder of our entire organization for the way everyone has pulled together to help."

Meantime, security experts are calling into question whether the company has downplayed the danger to untold millions of consumers.

"I think the release of information was a bit manipulative, on the timing," said Avivah Litan, a security analyst with the Gartner Group. "It was released on Inauguration Day but the incident was known about several days before.

Heartland recommends that consumers review their monthly credit and debit card statements and report any suspicious activity immediately.