After suffering a major data breach in 2008 when hackers infiltrated its payment processing network, Heartland Payment Systems took great efforts to become the poster child for digital security. But thieves found another way in.
Seven years later, the company is dealing with a burglary at its payroll office in Santa Ana, Calif., an incident that included the theft of four computers that may have contained personal information, the company said.
In a statement delivered June 1 about the May 8 break-in at the payroll office, formerly Ovation Payroll, Heartland said TVs, LCD panels and 11 password-protected desktop computers were stolen.
The four computers with personal information were not yet connected to any other Heartland office, business, system or server, the company said.
Princeton, N.J.-based Heartland is in the process of integrating its information security and physical security systems and processes into the payroll office in California.
Heartland said it has notified local, state and federal authorities and alerted approximately 2,200 individuals that their personal information may have been affected by the burglary.
The company has put an "aggressive system" in place to monitor for any malicious activity on the personal accounts of those affected. To date, there is no indication that any of this information has been accessed or used in a fraudulent manner or that the thieves intend to access the information, Heartland said.
The company encrypted most of its computers while integrating acquisitions and is working to encrypt any remaining computers "in every office that may have access to, or house, personal identifiable information or payment data," according to its statement.
Heartland did not indicate that the stolen computers had been encrypted prior to the burglary.
"Security has been, and will continue to be, the foundation of everything we do at Heartland," the company stated.
In January of 2009, Heartland revealed it had suffered a security breach in its processing system in 2008. At that time, it was considered the largest data breach on record as criminals had compromised the data from more than 100 million cards.