A data security breach at a payment processing company could turn out to be the biggest retail fraud case ever, according to several experts. Millions of American debit and credit cardholders might have had their card numbers stolen.
On Tuesday, Heartland Payment Systems, a publicly-traded company that processes more than a billion transcations for 250,000 merchants a year, said in a press release it "was the victim of a security breach within its processing system in 2008."
Heartland serves "a large number" of restaurants along the Grand Strand, according to local restauranteurs.
The U.S. Secret Service is investigating, although just how many people are affected is still being investigated.
"We processed about a 100 million transactions each month of last year. We don't know, however, the percentage of those transactions that were actually being stored by the virus and then we don't know the percentage of that, that got out to the bad guys," said Robert Baldwin, Heartland's president and CEO.
The bad guys, Baldwin said, are believed to be a group connected to a widespread global cyber fraud operation.
Baldwin continued that malicious software had been placed on its system in 2008, and when Visa and MasterCard noticed suspicious activity surrounding transactions, they contacted Heartland. Heartland then brought in forensic auditors who discovered the problem.
Although the thieves may have made off with card numbers, the company says they did not make off with any "merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses of telephone numbers."
Advocates urge everyone to check their bank statements carefully, and if you suspect suspicious activity, call them immediately.
