* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Threat Advisories - Advisories](https://www2.paloaltonetworks.com/blog/category/threat-advisories-advisories/)
* Heartland Corporation: Ma...

# Heartland Corporation: Malware Causes Largest Data Breach In History

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2009%2F01%2Fheartland-corporation-malware-causes-largest-data-breach-in-history%2F)  
[](https://twitter.com/share?text=Heartland+Corporation%3A+Malware+Causes+Largest+Data+Breach+In+History&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2009%2F01%2Fheartland-corporation-malware-causes-largest-data-breach-in-history%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2009%2F01%2Fheartland-corporation-malware-causes-largest-data-breach-in-history%2F&title=Heartland+Corporation%3A+Malware+Causes+Largest+Data+Breach+In+History&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2009/01/heartland-corporation-malware-causes-largest-data-breach-in-history/&ts=markdown)  
\[\](mailto:?subject=Heartland Corporation: Malware Causes Largest Data Breach In History)  
Link copied  
By [Matt Keil](https://www.paloaltonetworks.com/blog/author/matt/?ts=markdown "Posts by Matt Keil")  
Jan 21, 2009  
3 minutes  
[Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown)  
[PCI compliance](https://www.paloaltonetworks.com/blog/tag/pci-compliance/?ts=markdown)  
[threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention/?ts=markdown)  
[vulnerability exploit](https://www.paloaltonetworks.com/blog/tag/vulnerability-exploit/?ts=markdown)

Holy Crap! Heartland, a card processing service for more that 250,000 small businesses [discloses a malware generated breach on inauguration day](http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html). The scope is unfathomable. If each of the customers had only 10 credit card customers...you do the math.

Like vultures feeding on roadkill, no doubt every security vendor will call on Heartland telling them how they can help but because many of them are based on ports and protocols, their promises and claims will go unfulfilled.

Could Palo Alto Networks have helped - hard to say without knowing what happened. But at the risk of calling ourselves vultures, here's my assessment of how we might have been able to help:

* **Isolate the servers**: Using security interfaces, VLANs and security zones, we could have isolated the servers and then applied policies to control both who and what had access to those servers. Because of our ability to see and control applications, users and content, the policies would have been far more granular than port-based solution policies.
* **Control applications accessing the servers**: With the ability to ID more than 750 applications, we may have been able to apply access control rules for the servers that allowed only certain applications MS-SQL, Oracle, Sybase) to access it, thereby stopping the malware from getting to the server.
* **Control the users accessing the servers**: Because we can leverage the user data in Active Directory as the basis of the security policy, we may have been able to stop the malware from accessing the server by controlling the specific users who had access.
* **Prevent threat from accessing the servers**: Using high speed threat prevention, policies can be applied to monitor inbound traffic (to the servers) for all manner of threats, blocking them when they are found.
* **Watch for CC#s**: Leveraging the in-depth traffic analysis we perform, we can detect CC# and SSN patterns in the traffic and alert on the detection or block the traffic altogether. So in the case of Heartland, we could have set a policy that monitored the traffic outbound from the server, looking for card holder data and alerting or blocking the traffic.
* **Monitor and log the traffic**: Like any security device, we collect a wealth of log data - but the key difference is that the data we have is based on actual applications, uses and content as opposed to IP addresses, ports and protocols. The result is a far richer and meaningful set of data that can be used for daily analysis or in the worst case, forensics. In the Heartland case, an admin might have been able to see unusual application activity from the server farm. From a forensics perspective, they would have at their fingertips the name of the applications, the users and the types of threats that were accessing (or attempting) the servers.

Without knowing their environment, the assessment is purely hypothetical, but worth taking a look at because it is not the first breach of this type (malware intercepting card data) - the same thing happened at [Hannaford supermarkets last year](http://securosis.com/2008/03/18/picking-apart-the-hannaford-breach-what-might-have-happened) - and it certainly won't be the last. It's time to fix the firewall.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

[#### 2026 Unit 42 Global Incident Response Report --- Attacks Now 4x Faster](https://www2.paloaltonetworks.com/blog/2026/02/unit-42-global-ir-report/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Cortex XDR is the Only Endpoint Security Market Leader to Achieve 99% in Both Threat Prevention and Response in AVC EPR](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xdr-is-the-only-endpoint-security-market-leader-to-achieve-99-in-both-threat-prevention-and-response-in-avc-epr/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Always Innovating: User Experience, Threat Coverage and Management](https://www2.paloaltonetworks.com/blog/network-security/always-innovating-july-2023/)

### [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [IAM](https://www.paloaltonetworks.com/blog/cloud-security/category/iam/?ts=markdown)

[#### Prevent Lateral Movement With Prisma Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/prevent-lateral-movement/)

### [Cloud Native Application Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/platform/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Addressing Critical Violations From Login to Reporting With Prisma Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/cloud-security-user-interface/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### New: More Cloud NGFW Scalability Across Multiple AWS VPCs](https://www2.paloaltonetworks.com/blog/network-security/cloud-ngfw-across-multiple-aws-vpcs/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language