What was the Heartland credit card data breach, and what is the #1 data security lesson merchants can learn from it?

In the largest data breach ever charged in the United States, a handful of criminals stole 130 million credit and debit card numbers and corresponding data from payment processor Heartland Payment Systems and from retailers including 7-Eleven, the Hannaford Brothers supermarket chain and others in 2007-2008.
The U.S. Department of Justice indicted those responsible and provided details on how it was done.
The #1 data security lesson for merchants, large or small, is to check the security of any database used with the company's Web sites. Investigators learned the hackers used weaknesses in database servers on these companies' Web applications to gain access to their networks. From this crack in the security wall, they installed "sniffer" programs to find and download cardholder payment account data.
Merchants should have a qualified security firm conduct a penetration audit to check the site and fortify systems against Web site attacks on the database, called "SQL injection." Some specialists estimate that as many as 30 percent of Web sites are vulnerable to these types of attacks. If changes are made to the site design, merchants should re-run the security audit.
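The weakness an audit looks for, and its fix, shown as an added example that is not part of the original tip or taken from the indictment: a lookup that pastes a form value into the SQL text beside one that binds it as a parameter. The table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample records (no real card data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders (customer, card_last4) VALUES (?, ?)",
        [("alice", "0001"), ("bob", "0002"), ("carol", "0003")],
    )
    return db

def lookup_vulnerable(db, customer):
    # Weak pattern: the form value is pasted into the SQL text, so quotes
    # in the input change the structure of the query itself.
    sql = "SELECT customer, card_last4 FROM orders WHERE customer = '" + customer + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, customer):
    # Hardened pattern: the SQL text is fixed and the value is bound separately,
    # so the database always treats it as data, never as SQL.
    sql = "SELECT customer, card_last4 FROM orders WHERE customer = ?"
    return db.execute(sql, (customer,)).fetchall()

def audit(db, probe):
    """Return how many rows each lookup hands back for the same input."""
    return {
        "vulnerable": len(lookup_vulnerable(db, probe)),
        "parameterized": len(lookup_parameterized(db, probe)),
    }

if __name__ == "__main__":
    db = make_db()
    # An ordinary customer name: both lookups return that customer's one row.
    print(audit(db, "alice"))
    # Constructed input containing a quote: the concatenated query returns
    # every row in the table, the parameterized query returns none.
    print(audit(db, "x' OR '1'='1"))
```

A re-run of the same comparison after any site redesign is a cheap regression check to keep alongside the full security audit.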