After being sounded the ‘red alert’ by MasterCard and Visa - about suspicious action regarding processed credit card transactions - Heartland Payment Systems concluded that its system was breached in 2008. Investigations by the credit-card processor revealed an extensive criminal operation, with the cyber thieves stealing credit card information.

In more than 250,000 business locations countrywide, Heartland - based in Princeton, New Jersey – delivers prepaid card processing, payroll, credit, debit, check management and payments solutions.

According to a statement by Robert Baldwin, Jr., President and CFO of Heartland, the company uncovered the software, Sniffer software, that had compromised the exposed key information – like cardholder names, card numbers and expiration dates - crossing its network, as the company sought approval from the banks and payment companies.

Baldwin said: “We have industry-leading encryption, but the data has to be unencrypted to request the information. The sniffer was able to grab that authorization data at that point.”

The company said cardholders of the susceptible credit cards - MasterCard, Visa, American Express and Discover Financial - would not be liable for the fake, criminal charges that had been made by third parties.

Apologizing for the unpleasant incident, Baldwin said in its efforts to “maintain the security of cardholder data,” and make its system secure at the earliest, Heartland has taken a number of steps. To provide complete information about the breach episode, the company has also created a website, 2008breach.com. (Addition reporting for this story by Rupinder Kaur)