Another wonderful example of how "massive" data breaches can occur. It will be interesting to see how the fallout from this incident differ from the TJX event.
From Washington Post:
Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. But Baldwin said it wasn’t until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company’s payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company’s retail clients.
Baldwin said Heartland does not know how long the malicious software was in place, or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.
“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions a month,” Baldwin said. “At this point, though, we don’t know the magnitude of what was grabbed.”