Heartland Payment Systems Breach, What Lessons to be Learned

  • By David Lukic
  • Nov 27, 2020

Much like the story of the Titanic, the Heartland payment systems breach teaches us that you can never be too confident. Back in 2008/2009, Heartland Payment Systems suffered a massive data breach at the hands of two Russian hackers who installed malware on their systems and exploited SQL vulnerabilities. They made off with 100 million debit and credit card numbers. The scandal hit Heartland pretty hard, and they took cybersecurity seriously and implemented dozens of security measures. But they got a bit too confident. In 2015, they issued this data breach warranty to their customers:

“Heartland Payment Systems is so confident in the security of its payment processing technology that, on Jan. 12, it announced a new breach warranty for its users. The warranty program will reimburse merchants for costs incurred from a data breach that involves the Heartland Secure credit card payment processing system.”

Unfortunately, after the first Heartland breach, on May 8, 2015, Albert Gonzales broke into their offices and stole unencrypted computers with details on payroll customers like social security numbers and banking information. Their boldness cost them $140 million in fines and penalties as a result.

heartland payment systems breach

When Was the Heartland Data Breach?

The first Heartland Payment Systems security breach occurred back in 2008 and 2009. The latest data breach occurred in May of 2015 and was perpetrated by only one man who was sentenced to 20 years in federal prison.

How to Check if Your Data Was Breached

If you were a payroll customer of Heartland Payment Systems in 2015, you were most likely affected by the data breach. The earlier breach was much more expansive, and you would have been contacted by Heartland to respond. Once the dust settled on this latest breach, Heartland paid the fees and alerted their customers but lost market share in the mix.

What to Do if Your Data Was Breached

If you were affected by the Heartland Payment Systems breach, you should take some precautionary measures and formulate an ongoing plan of continued diligence.

  • Cancel any credit cards related to or used by Heartland Payment Systems.
  • Contact your bank and have your bank account number changed.
  • Routinely get a copy of your credit report and sign up for monitoring (IDStrong.com does both of those for you).
  • Check your credit card and bank statements carefully, always watchful for fraud.

How Did Heartland Payment Systems Respond?

Soon after the May 2015 incident, Heartland responded with a statement:

“We have involved state and federal regulatory and law enforcement agencies to assist us in determining how to proceed with the matter at hand. Heartland continues to monitor the situation carefully and has increased its internal security and review procedures to watch for any unusual activity.”

From 2009 until 2015, Heartland thought they were un-hackable, but they didn’t count on the theft of their computers. Hopefully, after this, they will take additional steps to secure the physical hardware residing in their offices and encrypt all data everywhere.

heartland breach

Can Heartland Security Breach Information be Used for Identity Theft?

Yes. The information acquired by hackers and the thief were enough to steal your identity. Many customers lost names, email addresses, home addresses, social security numbers, and other personal banking details. All criminals need is a thread to pull before your entire identity unravels before them. Be extra cautious about phishing emails after a data breach.

What to Do to Protect Yourself

Data breaches seem to be a regular occurrence in all areas of life these days. It may seem impossible to protect yourself, but it is not. Simply employing a bit of common sense can go a long way. These steps should also help you stay safe:

  • Keep your computer updated with security patches and antivirus software; run deep scans often.
  • Change your online passwords frequently and use really long, complex ones.
  • Consider a credit freeze to keep criminals from opening new accounts in your name.
  • Never give out your personal details to anyone who contacts you via phone or email.
  • Do not click links or open attachments in email.
  • Watch out for phishing scams and other suspicious (urgent) emails.
  • Always sign up for 2-factor authentication when it is offered on websites.

About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in t ... Read More

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. Wha ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

Latest Articles

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Anyone paying even little attention to cybersecurity knows that medical practices and services are some of the most targeted institutions in the world.

Weekly Cybersecurity Recap January 27

Weekly Cybersecurity Recap January 27

This week, our lineup is pretty hard-hitting. Some of the biggest names in, well, everything, have been hacked, with a combined victim total of well into the millions.

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp has been hacked repeatedly over the years; there is very little surprise in the breach, though one thing should be considered.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close