Skip to content
Subscriber Only

Lessons from the Data Breach at Heartland

How a top payments processor responded to the largest-ever criminal pilfering of credit-card data, and what other companies can learn from it

Robert Carr was settling in for the evening in a New York hotel on Jan. 12 this year when at 10:30 p.m. he got a phone call that every financial services executive dreads. Carr, CEO of Heartland Payment Systems (HPY), learned that intruders might have hacked into the company's computer network.

The next morning, his fears were confirmed. For a period starting in May 2008, cybercriminals had burrowed deeply into Heartland's network and recorded consumers' credit- and debit-card data. "That's the worst thing that can happen to a payments company and it happened to us," says Carr.