Data Breach May Have Exposed 100 Million Credit Cards

A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported.

Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month.

The company said it couldn't estimate how many customer records may have been improperly accessed, but said the data compromised include the information on a card's magnetic strip — card number, expiration date and some internal bank codes — that could be used to duplicate a card.

Heartland, of Princeton, N.J., processes transactions for more than 250,000 businesses nationwide, including restaurants and smaller retailers.

Avivah Litan, an analyst at research company Gartner, called it the largest card-data breach ever, based on her conversations with industry executives.

Previously, the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX Cos. in 2005 and 2006.

Robert Baldwin, Heartland's president and chief financial officer, said it was too early to say how many records were accessed and that calling it the largest-ever breach would be "speculative."

• Click here to read more of this story in the Wall Street Journal.

• Click here for Heartland's Web site detailing the matter.

• Click here to visit's Cybersecurity Center.