A Major US credit card processing outfit has admitted that the personal data of hundreds of thousands of its clients has been exposed in hacker attacks on its systems.
Heartland Payment Systems revealed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants.
Robert Baldwin, Heartland's president, said in a USA TODAY interview that the intruders had access to Heartland's system for "longer than weeks" in late 2008.
Heartland processes card payments for restaurants, retailers and other merchants. It discovered the hack last week after Visa and MasterCard notified it of suspicious transactions stemming from accounts linked to its systems.
The hackers used sniffer software to capture authorisation data as Heartland asked for approval from major payment companies and banks.
While the company said it had "industry-leading encryption", the data has to be unencrypted to request the information. At that point the sniffer program was able to grab that authorisation data.