Both Visa and MasterCard alerted the company of suspicious activity concerning processed card transactions, said Heartland. After putting a team of forensic auditors on the case, it found malicious software that had been inserted into its network to sniff data.
The company said that no merchant data had been compromised, and that no cardholder social security numbers, addresses or telephone numbers were involved in the breach. There were no unencrypted personal identification numbers lost either, it said. That still leaves credit card numbers, and customer names as potentially exposed, but the company has given out no further information. It is not yet known how many card numbers processed by the company's 250 000 merchant clients may have been affected. However, reports of suspicious credit card activity already appearing in the press last week.
"We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice," the company said in a statement on a website set up to inform customers about the breach.