Research Report: Heartland Payment Security System Breach Analysis

Verified

Added on 2023/04/11

AI Summary

This report provides a comprehensive analysis of the Heartland Payment Systems data breach of 2008. It explores the intrusion through key logging malware and SQL injection, which led to the theft of millions of credit and debit card details. The report examines the consequences, including significant financial penalties and reputational damage, and discusses the need for improved risk management strategies, particularly focusing on the security of data in transit. It highlights the importance of risk assessment and the sharing of information on breach techniques to enhance overall security. The methodology employed is theoretical, offering insights into the vulnerabilities and potential preventative measures that could have been implemented to avoid such an incident. The conclusion emphasizes that despite Heartland's certifications, there is a need for constant improvement in security systems.

HEARTLAND PAYMENT SECURITY SYSTEM
BREACH
Name
Instructor
Institution
Course
City
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Abstract
Heartland Payment Systems Inc. suffered a data breach
in 2008 which resulted in over a hundred million debit and credit
card being stolen from Heartland’s payment systems processor.
This research seeks to provide a review of the mitigation
strategies as it relates to risk management. The methodology
employed in this paper is a theoretical one. One of the results
highlighted on this paper is that heartland system was ignorant
of the various security controls laid out to prevent data breaches
which can only be prevented by performing a risk assessment
which in turn helps in re-thinking the whole network security
process.
I. INTRODUCTION
Heartland Payment Systems Inc. witnessed an intrusion
through key logging malware that eventually proliferated into a
sniffer. The company is one of the largest payments processor in the
US. The SQL injection code used in this breach was undetectable by
external and internal system audit and lasted for several years before
overriding the company’s anti-virus. The data breach which majorly
was on credit and debit cards and focused on data-in-transit rather
than stored data. From this data breach, the Heartland learnt that
information on breach technique sharing should not be blurred by
stiff competition in the market but to as a strategy to secure clients’
information since any database can be invaded by intruders [1].
. II. CONSEQUENCES OF THE DATA BREACH AT
HEARTLAND SYSTEM
As a result of the data breach, Heartland Company paid out
about $140 million to fines or penalties [2]. Heartland further
cooperated with Department of Justice and United States Secret
Service which saw Albert Gonzales jailed in federal lock up for 20
years. In addition, merchants experienced chargebacks and
reputations of affected card issuers was damaged for a while and they
had to incur cost to win the users’ trust to prevent them from looking
alternative payment modes [3] .
III. CONCLUSION
In conclusion, despite Heartland been certified by
quality security assessors (QSAs), more need to be done into their
systems since intruders are advancing their techniques. The data
breach of 2008 in Heartland show that risk management should put
more focus on security of data in transit as this evident as a soft
target from the attack.
REFERENCES

[1] J. S. Cheney, "Heartland Payment Systems: Lessons Learned from... by Julia S Cheney," Heartland Payment Systems, vol. I, no. 1, pp. 47-90, 2010.
[2] D. Lewis, "Heartland Payment Systems Suffers Data Breach," Forbes, 31 May 2015. [Online]. Available:
https://www.forbes.com/sites/davelewis/2015/05/31/heartland-payment-systems-suffers-data-breach/#792d98c7744a. [Accessed 4th April 2019].
[3] J. Vijayan, "Heartland data breach sparks security concerns in payment industry," IDG , 22nd January 2009. [Online]. Available:
https://www.computerworld.com/article/2530279/heartland-data-breach-sparks-security-concerns-in-payment-industry.html. [Accessed 25th March
2019].