To Merchants, Cardholders and Card Issuers:
On behalf of Heartland Payment Systems, I sincerely regret any inconvenience caused by the data breach that occurred within our processing system during 2013. Heartland understands the concern this breach has generated, and our goal is to transform this event into a positive outcome for the public, card issuers and other payment processors.
To that end, we will not rest until we have the answers to how and why this breach occurred so we can prevent any future attacks at Heartland and elsewhere. We are coordinating with the Secret Service and the United States Department of Justice to resolve this issue. I have reached out to other leaders in the payments industry to encourage a new level of information sharing and cooperation that I believe will help thwart criminal hackers in the future.
Our organization and business model was founded on fair dealings, transparency and merchant advocacy. That operating philosophy has been successful for the 12 years we have been in business. Our faith in that philosophy has been sustained over the past few days.
In fact, since our disclosure of the breach on Tuesday, January 20, 2009, more than 400 new merchants, new payroll clients and new check management clients have demonstrated their continued trust in our services by joining as new customers. Heartland is grateful for that trust, and we will do everything possible to uphold our promise of enhanced data security.
In the past several days, we have taken the following forward-looking steps to improve security:
This past week has been a challenging one for Heartland, cardholders and our customers. We appreciate and value all of you who have stood by us, and we look forward to using the knowledge we have gained from this experience to enhance our security and help others in the industry do so as well.
- Created plans and taken actions to expedite the development of end-to-end encryption — which will protect data in motion as well as data at rest — as an enhanced standard of payments security.
- Engaged industry leaders to better coordinate and intensify our fight against cyber criminals.
- Contacted more than 150,000 merchant locations to help them understand this data breach and what we are doing to prevent future incursions.
- Further developed 2008 breach.com as a resource tool for merchants and cardholders alike.
- The news media reports about the type and amount of data that may have been placed at risk of compromise in the data breach have been speculative. Potentially exposed through this breach are card numbers, expiration dates and other data from the card’s magnetic stripe. In a small percentage of cases, the cardholder name of your customers who used a credit or debit card in your store during part of 2008 may also have been exposed. As a cardholder, you will not be held financially responsible for any unauthorized transactions that are reported in a timely way to the card issuer. You should regularly monitor your card and bank statements and report all suspicious activity to your card issuer (in the case of Visa and MasterCard cardholders, that would be the bank that issued the card, not the card brand).
If you have further questions or concerns, please call our toll-free number at 1.866.399.6228 or email us at firstname.lastname@example.org.
Robert O. Carr
Chairman and Chief Executive Officer
Heartland Payment Systems
As a Merchant ... Are you PCI compliant? Click here.
As a Consumer ... Do you know what to do if you suspect a fraudulent transaction? Customers testing our procedures on their site www.samarajames.com, can be seen here.
Heartland Payment Systems Accelerates Development of End-to-End EncryptionClick here to learn more about what Heartland is doing to protect merchant and customer data used in financial transactions.
More Information If you have additional questions, please contact 866.399.6228 or email@example.com.