Breach Facts

• Heartland Payment Systems, Inc. ("Heartland") is one of the nation's largest payment processors delivering credit/debit/prepaid card processing, payroll, check management and payments solutions.
• Since its founding in 1997, Heartland has grown to service 250,000 business locations nationwide with net sales of $1.3 billion in 2007.
• Heartland has a proven track record of providing superior solutions to demanding markets such as pay-at-the-pump gas stations, parking lots, retail, restaurants, school campuses, hospitality businesses, and community banks. The company has also been effective in servicing auto repair facilities, convenience and liquor stores, and professional service providers.
• Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices.
• In 2007, InfoWorld magazine named Heartland as one of the world's top 50 most innovative technology companies, and in 2008, the company received the "Editor's Choice Award" by Cards & Payments.

• After being alerted by Visa® and MasterCard® of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter.
• Using data from the forensic investigation, Heartland uncovered malicious software that compromised data, which crossed the company's network in 2008.
• Potentially exposed through this breach are card numbers, expiration dates and other data from the card’s magnetic stripe. In a small percentage of cases, the cardholder name of your customers who used a credit or debit card in your store during part of 2008 may also have been exposed. Heartland's check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms were not involved in the breach.
• This incident may be the result of a widespread global cyber fraud operation, and the company is cooperating closely with the United States Secret Service and Department of Justice.
• Heartland will implement a next-generation program designed to flag network anomalies in real-time and enable law enforcement to apprehend cyber criminals expeditiously. Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective
• The company has created a website — www.2008Breach.com — to provide information about this incident.
• Heartland advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers. You are not responsible for any counterfeit fraudulent charges made by third parties that are reported in a timely way to the card issuer. Report any suspicious activity to your card issuer, and your claim will be investigated.