Heartland Payment Systems Discloses Credit and Debit Card Data Breach
One of the country’s largest credit and debit card payment processing companies, Heartland Payment Systems (“Heartland”) based in Princeton, New Jersey, announced on Monday, January 19, 2009, that credit and debit card numbers, expiration dates and cardholders names were stolen after its computer systems were hacked. Although the Heartland breach exposed the personal data of 600 million or more cardholders, and Heartland became aware of the breach in fall, 2008 -- and may even have been aware of the breach as early as May, 2008 -- it did not publicly reveal the breach until just two days ago, exposing millions of cardholders to the possibility of fraud for many months.
The Heartland data breach could wind up rivaling some of the largest data thefts in history. In January, 2007, the retail chain TJ Maxx (“TJX”) admitted that confidential credit and debit card data on more than 45 million customers had been compromised. Avivah Litan, a data security analyst interviewed by the New York Times, said that the Heartland breach may dwarf the TJX breach and could result in hundreds of millions in losses and other expenses. “If you add it all up . . . it could cost as much as half a billion dollars in losses – or twice as big as TJX,” she said.
Cardholders are advised to examine their credit and debit card monthly statements closely for any evidence of fraudulent unauthorized charges. Should you find unauthorized charges on your credit or debit card statements, and you believe that your credit or debit card information was stolen as a result of the Heartland breach, please contact us immediately to discuss your legal options.
Your personal information necessarily gets disclosed a great deal in the modern economy. That's an unavoidable consequence of how consumers do business. It is convenient for us, but it also permits gerat efficiency and profitablility for the merchants who sell us goods and those who process the payments for the merchants. The latter is an entire industry that would not exist except that consumers have agreeed to do business in this manner. The LEAST these businesses can do is protect OUR information while it is in their control. They get embarrassed by a breach. We can have our private information compromised and spend years straightening out the resulting mess. Any organization that fails to close known vulnerabilities or encrypt its data at every step of processing and storage should be held liable.
Not only did HPS know about the breach, their CEO was dumping stocks at an astonishing rate. Check out the insider trading transactions of Mr. Carr and you'll find that he was busy selling stock even though their system was comprimised. The even more amazing thing, Visa had to tell them TWICE that they were getting hacked.
Everyone should know about their rights as to these companies who do not secure their information. This is a very informative site. Thank you.