Abstract

Heartland Payment Systems Inc. suffered a data breach in 2008 which resulted in over a hundred million debit and credit cards being stolen from Heartland's payment systems processor. This research seeks to provide a review of the mitigation strategies as they relate to risk management. The methodology employed in this paper is a theoretical one. One of the results highlighted in this paper is that Heartland was ignorant of the various security controls laid out to prevent data breaches, which can only be prevented by performing a risk assessment, which in turn helps in re-thinking the whole network security process.

I. INTRODUCTION

Heartland Payment Systems Inc. witnessed an intrusion through key-logging malware that eventually proliferated into a sniffer. The company is one of the largest payment processors in the US. The SQL injection code used in this breach was undetectable by external and internal system audits and lasted for several years before overriding the company's anti-virus. The data breach mainly involved credit and debit cards and focused on data in transit rather than stored data. From this data breach, Heartland learnt that sharing information on breach techniques should not be hindered by stiff competition in the market but should serve as a strategy to secure clients' information, since any database can be invaded by intruders [1].

II. CONSEQUENCES OF THE DATA BREACH AT HEARTLAND SYSTEM

As a result of the data breach, Heartland paid out about $140 million in fines or penalties [2]. Heartland further cooperated with the Department of Justice and the United States Secret Service, which saw Albert Gonzalez jailed in federal lock-up for 20 years. In addition, merchants experienced chargebacks, and the reputations of affected card issuers were damaged for a while; they had to incur costs to win back users' trust and prevent them from looking for alternative payment modes [3].

III. CONCLUSION

In conclusion, despite Heartland being certified by qualified security assessors (QSAs), more needs to be done on its systems, since intruders are advancing their techniques. The data breach of 2008 at Heartland shows that risk management should put more focus on the security of data in transit, as the attack showed it to be a soft target.

REFERENCES

[1] J. S. Cheney, "Heartland Payment Systems: Lessons Learned from... by Julia S Cheney," Heartland Payment Systems, vol. I, no. 1, pp. 47-90, 2010.

[2] D. Lewis, "Heartland Payment Systems Suffers Data Breach," Forbes, 31 May 2015. [Online]. Available: https://www.forbes.com/sites/davelewis/2015/05/31/heartland-payment-systems-suffers-data-breach/#792d98c7744a. [Accessed 4 April 2019].

[3] J. Vijayan, "Heartland data breach sparks security concerns in payment industry," IDG, 22 January 2009. [Online]. Available: https://www.computerworld.com/article/2530279/heartland-data-breach-sparks-security-concerns-in-payment-industry.html. [Accessed 25 March 2019].