The Washington Post has reported that Heartland Payment Systems, a payment processor that services “more than 250,000 businesses,” has had more than 100 million transactions compromised via malicious software that was installed on its network; it will likely turn out to be the largest data breach ever reported. The “good” news is that the criminals were only capturing credit card numbers, the names on the cards, and expiration dates—the info encoded onto the magnetic strip on the card. Because no addresses, SSNs or PINs were stolen, the prospect of full-blown identity theft is pretty small—which must explain why Heartland isn’t offering any sort of credit monitoring package as compensation. Instead, their CFO says, “We recognize and feel badly about the inconvenience this is going to cause consumers.”
What? No credit monitoring offer? Well at least they can tell us which businesses were affected, right? Nope:
Robert Baldwin, Heartland’s president and chief financial officer… said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.
Baldwin said it would be unfair to mention any one of his company’s customers.
“No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair,” he said. “Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know.”
It’s clear that Heartland is in the business of servicing other businesses, not consumers, and as such they’re pretty much pretending we don’t exist. The Washington Post also points out that Heartland chose an interesting day to release the news, considering there’s a big Obamavent happening to provide distraction.
As for the actual cardholders, you may have already been issued a new card recently without explanation; well, this could be the explanation. Otherwise, your best bet is to closely monitor your accounts for unauthorized activity—which you do already, right?