Data breach at Heartland may be bigger than TJX’s

And you thought the TJX’s data breach was bad? Well…

Data breach at Heartland may be bigger than TJX’s

A data breach disclosed last week by Heartland Payment Systems Inc. may displace the one revealed by The TJX Companies Inc. in January 2007 as the largest compromise of payment card information to date.

Heartland, a Princeton, N.J.-based payment processor, said intruders broke into its systems sometime last year and planted malware that they used to steal credit and debit card data.

A Heartland spokesman said Thursday that the company still had no idea how many cards had been compromised. It wasn’t even sure how long the malware had been on its network, he noted. “All we know is that it was there for a period of time in the second half of 2008,” he said.

But given that Heartland processes more than 100 million card transactions per month, it’s conceivable that the number of compromised cards could be at least that high, said Gartner Inc. analyst Avivah Litan. In the TJX breach, 45.6 million card numbers were stolen over 18 months.

The latest news over at The Chronology of Data Breaches (PrivacyRights.org), shows on their last update for the TJX/January 17, 2007 entry, that the TJX data breach seem to have affected 100 Million accounts and they think it may have dated back as far as 2005!

The Heartland one may be worse than that since it processes at least 100 Million!?

Over time, what will they find out about the Heartland one?

Unbelievable.