Heartland Payment Systems Waits Till Inauguration Day to Release News on Massive Data Breach

By Ray Stern Tue., Jan. 20 2009 at 6:36 PM

Categories: News

A New Jersey company that processes payments for tens of thousands of American restaurants and other small businesses had its electronic pockets picked in a data breach that may be the country's largest ever.

And it waited until Inauguration Day to let us know about it.

A Washington Post article by Brian Krebs about the breach quotes a fraud analyst about the timing of the announcement by Heartland Payment Systems:

Avivah Litan, a fraud analyst with Gartner Inc., questioned the timing of Heartland's disclosure -- a day in which many Americans and news outlets are glued to coverage of Barack Obama's inauguration as the nation's 44th president.

"This looks like the biggest breach ever disclosed, and they're doing it on inauguration day?" Litan said. "I can't believe they waited until today to disclose. That seems very deceptive."

According to Krebs' article, someone planted malicious software on the payment processing company's computers that culled transmitted credit card information from clients. Or rather, its clients' customers. As in, you and me. Criminals could theoretically use the data to make their own credit cards -- with our info in them -- and go on a shopping spree.

Heartland processes about 100 million transactions a month for about 250,000 businesses, much of them restaurants. Company execs say they have no idea long the software had been in place before it was discovered.

Kind of makes you lose your appetite, doesn't it?