Heartland denies systems involved in new data breach

Austin police says hackers broke into a network connecting restaurant with payment processor

Heartland Payment Systems, which last year suffered the largest ever data breach involving payment card data, is downplaying reports out of Austin, Texas linking the payment processor to a data breach at a local restaurant chain.

Heartland CIO Steven Elefant told Computerworld by e-mail late Thursday that the reports out of Austin point to a "localized intrusion initiated within the stores, either in their point-of-sale system or as a result of other fraud."

"The Heartland system at large and its merchants would not be compromised in any way by this type of attack, and the company is unaware of any broader issue," he said.

He added that Heartland officials will work closely with business owners to help identify the source of the breach, and help with remediation efforts.

The Austin Statesman reported on Thursday that an "accounting network" at Tino's Greek Cafe, a local restaurant chain with four locations in Austin, had been breached.

The story, which quotes a local police spokesman, said the intruders had hacked into the network connecting Tinos with Heartland Payment Systems. The spokesman is quoted as saying that somebody had hacked into a computer system "somewhere between Tinos' point of sale and their credit card clearinghouse company."

It's unclear yet, if only customers have been affected by the incident, the spokesman is quoted as saying. The breach has apparently result in fraudulent charges appearing on the cards of several Tinos customers. Many of the charges have occurred at merchant locations around the country and beyond, and have been happening for several months.

The Statesman story points to one case where the city's University Federal Credit Union contacted police after notice multiple unauthorized charges against the accounts of customers who had been to Tinos.

According to one source who requested anonymity, it's quite likely that Austin police are confused about how the payment infrastructure works and are just assuming Heartland is involved. "As soon as they hear Heartland is the processor, they are most likely just assuming a larger problem," he said.

"From the description of the attack, it sounds very localized and unfortunately it is not uncommon for restaurants to be attacked like this," he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at  @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon