To Merchants, Cardholders and Card Issuers:
On behalf of Heartland Payment Systems, I sincerely regret any inconvenience caused by the data breach that occurred within our processing system during 2008. Heartland understands the concern this breach has generated, and our goal is to transform this event into a positive outcome for the public, card issuers and other payment processors.
To that end, we will not rest until we have the answers to how and why this breach occurred so we can prevent any future attacks at Heartland and elsewhere. We are coordinating with the Secret Service and the United States Department of Justice to resolve this issue. I have reached out to other leaders in the payments industry to encourage a new level of information sharing and cooperation that I believe will help thwart criminal hackers in the future.
Our organization and business model was founded on fair dealings, transparency and merchant advocacy. That operating philosophy has been successful for the 12 years we have been in business. Our faith in that philosophy has been sustained over the past few days.
In fact, since our disclosure of the breach on Tuesday, January 20, 2009, more than 400 new merchants, new payroll clients and new check management clients have demonstrated their continued trust in our services by joining as new customers. Heartland is grateful for that trust, and we will do everything possible to uphold our promise of enhanced data security.
In the past several days, we have taken the following forward-looking steps to improve security:
- Created plans and taken actions to expedite the development of end-to-end encryption — which will protect data in motion as well as data at rest — as an enhanced standard of payments security.
- Engaged industry leaders to better coordinate and intensify our fight against cyber criminals.
- Contacted more than 150,000 merchant locations to help them understand this data breach and what we are doing to prevent future incursions.
- Further developed 2008 breach.com as a resource tool for merchants and cardholders alike.
- The news media reports about the type and amount of data that may have been placed at risk of compromise in the data breach have been speculative. Potentially exposed through this breach are card numbers, expiration dates and other data from the card’s magnetic stripe. In a small percentage of cases, the cardholder name of your customers who used a credit or debit card in your store during part of 2008 may also have been exposed. As a cardholder, you will not be held financially responsible for any unauthorized transactions that are reported in a timely way to the card issuer. You should regularly monitor your card and bank statements and report all suspicious activity to your card issuer (in the case of Visa and MasterCard cardholders, that would be the bank that issued the card, not the card brand).
If you have further questions or concerns, please call our toll-free number at 1.866.399.6228 or email us at 2008breach@e-hps.com.
Sincerely,
Robert O. Carr
Chairman and Chief Executive Officer
Heartland Payment Systems
----------------------------------------------------------------------------------------------
searches:
heartland data breach, heartland payment systems breach, heartland, heartland breach, credit card breach
The official website' press release says like this----
No merchant information or cardholder Social Security numbers compromised.
PRINCETON, N.J., Jan. 20 /PRNewswire-FirstCall/ -- Payments processor Heartland Payment Systems has learned it was the victim of a security breach within its processing system in 2008. Heartland believes the intrusion is contained.
"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," said Robert H.B. Baldwin, Jr., Heartland's president and chief financial officer. "We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."
No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland's check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms.
After being alerted by Visa(R) and MasterCard(R) of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland's network.
Heartland immediately took a number of steps to further secure its systems. In addition, Heartland will implement a next-generation program designed to flag network anomalies in real-time and enable law enforcement to expeditiously apprehend cyber criminals.
Heartland has created a website - www.2008breach.com - to provide information about this incident and advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers. Cardholders are not responsible for unauthorized fraudulent charges made by third parties.
"Heartland apologizes for any inconvenience this situation has caused," continued Baldwin. "Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective."
About Heartland Payment Systems
Heartland Payment Systems, Inc., a NYSE company trading under the symbol HPY, delivers credit/debit/prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide.
Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. For more information, please visit www.heartlandpaymentsystems.com and www.MerchantBillOfRights.com.
Forward Looking Statements
This press release may contain statements of a forward-looking nature which represent our management's beliefs and assumptions concerning future events. Forward-looking statements involve risks, uncertainties and assumptions and are based on information currently available to us. Actual results may differ materially from those expressed in the forward-looking statements due to many factors. Information concerning these factors is contained in the Company's Securities and Exchange Commission filings, including but not limited to, the Company's annual report on Form 10- K, or Form 10-Q as applicable. We undertake no obligation to update any forward-looking statements to reflect events or circumstances that may arise after the date of this release.
For More Information:
Nancy Gross
Phone: 215.519.7367
Email: Nancy.Gross@e-hps.com
SOURCE Heartland Payment Systems, Inc.
Contact: Nancy Gross, +1-215-519-7367, Nancy.Gross@e-hps.com
No comments:
Post a Comment