Update: Heartland responded to this post with a statement. See the Comments section for their statement.
Heartland Payment Systems, Inc. (“Heartland”), who made news when they disclosed a huge breach on President Obama’s first inauguration day, has reported another breach. This one appears to involve Heartland Payroll Solutions, Inc.
In a letter to those affected, Heartland writes that it was notified on May 8, 2015 that personal information may have been compromised when many items, including password-protected computers, were stolen from its Santa Ana, California office.
Data on the stolen computers may have included Social Security numbers and/or bank account information processed for individuals’ employers.
The letter states:
We have seen no evidence suggesting that the data has been accessed on the stolen computers or used in any way, and we have no reason to believe any such use will occur.
Those being notified are being offered services provided by Kroll.
HEARTLAND RESPONDS TO BURGLARY OF PAYROLL OFFICE IN SANTA ANA
SANTA ANA, Calif., June 1, 2015 – Heartland said today it was notified of a burglary that took place at the Heartland Payroll office in Santa Ana, Calif. The payroll office, formerly Ovation Payroll, is in the process of being integrated into Heartland’s information security and physical security systems and processes. Among the items stolen were TVs, LCD panels and 11 password-protected desktop computers. Of these 11 computers, Heartland suspects that four computers contained personally identifiable information (PII).
The four computers were not connected to any other Heartland office, business, system or server, but may have contained PII on some of the individuals serviced from that payroll office. Heartland has notified local, state and federal authorities and has also personally alerted approximately 2,200 individuals that their personal information may have been affected by the burglary.
In addition, the company has put an aggressive system in place to monitor for any malicious activity on the personal accounts of those impacted. To date, there is no indication that any of this information has been accessed or used in a fraudulent manner or that the thieves intended to access the information. Regardless, we take this incident seriously.
As part of our ongoing commitment to security, Heartland has already encrypted most computers, and as we integrate acquisitions, Heartland is actively working to encrypt any remaining computers in every office that may have access to, or house, PII or payment data. Security has been, and will continue to be, the foundation of everything we do at Heartland. We deeply regret this incident and apologize for any inconvenience this may have caused.
About Heartland
Heartland Payment Systems, Inc. (NYSE: HPY), one of the largest payment processors in the United States, delivers credit/debit/prepaid card processing and security technology through Heartland Secure™ and its comprehensive Heartland breach warranty. Heartland also offers point of sale, mobile commerce, e-Commerce, marketing solutions, payroll solutions, and related business solutions and services to more than 400,000 business and educational locations nationwide.
A FORTUNE 1000 company, Heartland is the founding supporter of Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. Heartland also established Sales Professional Bill of Rights to advocate for the rights of sales professionals everywhere.
# # #
For more information, contact:
Kevin Petschow Chandra Hayslett
Heartland G&S Business Communications
+1.312.205.1607 +1.212.297.2600, ext. 1267
[email protected] [email protected]