In 2008, Heartland Payment Systems, a company specializing in payment, point-of-sale, and payroll systems, experienced a massive data breach. The breach was a result of an SQL injection attack that compromised computers used to process payment transactions. The attackers accessed a web login page and gathered enough data to create new physical credit cards. The breach led to significant financial losses for the company and a drop in its stock price. In May 2015, Heartland suffered another data breach affecting their payroll customers when thieves broke into their offices in Santa Ana, California, and stole computers containing sensitive information.

How many accounts were compromised?

The 2008 Heartland data breach resulted in the theft of as many as 100 million debit and credit cards.

What data was leaked?

The data exposed in the breach included payment transaction data, data coded into the card's magnetic strip, social security numbers, and banking information.

How was Heartland Payment Systems hacked?

In the 2008 Heartland breach, attackers utilized an SQL injection attack to compromise the company's computers used for processing payment transactions. Gaining access to a web login page, the hackers collected enough data to create new physical credit cards, including information encoded in the cards' magnetic strips.

Heartland Payment Systems's solution

In response to the hack, Heartland Payment Systems took several measures to enhance security and prevent future incidents. They initiated a plan to encrypt card data at the point it's swiped, reducing vulnerability when moving over networks. Heartland also hired cybersecurity forensics experts to investigate the issue and increased their internal security and review procedures to watch for unusual activity. Additionally, the company engaged with identity monitoring firm Kroll to provide identity theft protection for affected customers.

How do I know if I was affected?

Heartland Payment Systems took steps to notify customers believed to be affected by the breach. If you were a Heartland customer at the time and did not receive a notification, you can visit HaveIBeenPwned to check if your credentials were compromised.

What should affected users do?

In general, affected users should:

• Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

• Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

• Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

• Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity, and report any unauthorized transactions to your financial institution immediately.

For more specific help and instructions related to Heartland Payment Systems' data breach, please contact Heartland Customer Support directly.

Where can I go to learn more?

For more information on the Heartland Payment Systems data breach, check out the following news articles:

• Lessons from the 2008 Heartland Data Breach | Proofpoint US

• Heartland Payment Systems Suffers Data Breach