From The New York Times about Heartland Payment Systems:
Robert H. B. Baldwin Jr., Heartland’s president and chief financial officer, said that his company believed the card numbers, expiration dates, and in some cases cardholder names were exposed after attacks on its computer systems at the one point where data had been unencrypted.
Once consumers swiped their cards, so-called sniffer software captured that data as Heartland sought authorization from the major payment companies and banks. Customers of Visa, MasterCard, American Express and Discover Financial were all vulnerable.
Furthermore, these vulnerabilities have occurred in spite of massive spending to reinforce security standards in the industry.
All this is happening after credit card companies and merchants spent over $2 billion on establishing the Payment Card Industry standards, Ms. Litan said. “And yet the breaches continue and they get more serious.”
30 minutes ago