Heartland – 2008
The largest data breach of all time occurred in Princeton, New Jersey. Heartland Payment Systems, a large payment processing company, announced that they had seen over 130 million private record exposed to cyber criminals. In this data breach, which is the largest recorded against an American company in the history of the internet, both credit card and debit cards were made available to the hackers. How did the hackers do it? It sounds simple, but that is pretty far from the truth. Malware, which resides on nearly every computer hooked up to the internet, was planted with the credit card data that arrived from their retailers. The fact that Heartland Network worked with over 250,000 businesses in America meant that the effect of the breach was huge. Eventually the perpetrator of the crime was caught. Albert Gonzalez was convicted in 2010. His sentence is the largest sentence in the history of computer crime: 20 years. For Heartland, and the people affected, they probably believe this sentencing to be too light.
CardSystems – 2005
CardSystems Solutions was the victim of another monumental data breach thanks to a group of intelligent and absolutely abhorrent hackers. In 2005 a group of hackers managed to break into the database that CardSystems stored all of their information. Their route in was via an SQL Trojan attack. A Trojan attack consists of bits of malicious code being seeded into a target computer. This code then snags information and feeds it back to the writers of the code. This Trojan attack pulled browser page data every four days and then placed it into a compressed file and shipped it back to the hackers who would then gleefully manipulate the data to their needs. According to reports the hackers gained private names, account numbers, and specific codes to over 40 million different cardholders. Rosetta Jones, a spokeswoman for Visa, reported that CardSystems Solutions was not being compliant in their protection and that their security was not up to snuff. By the end of 2005 CardSystems was no more as they had been bought out by another, bigger, corporation.
