Heartland Denies Responsibility for Breach at Austin Restaurant Chain

Heartland Payment Systems, a payment processor famous for suffering a large breach in 2008, denies any responsibility for credit card details being stolen from an Austin restaurant chain, despite local investigators suggesting otherwise.

Hundreds of Austin residents have received calls from their respective credit card companies informing them that there's been a security breach which involves their cards. Many others have discovered fraudulent charges on their own.

Affected individuals have one thing in common, they were all customers of Tino's Greek Cafe restaurant chain in the past few weeks.

"Through our investigation and through the investigation of the credit card companies, we've determined the compromise was not at the restaurant itself. It was somewhere in the network," Sgt. Matthew Greer from the Austin Police Department's Financial Crimes Unit, who is investigating the breach, told News 8 Austin.

However, Heartland Payment Systems, the company handling payment processing for Tino's and the National Restaurant Association, disagrees with that assessment and has denied any problem on its own infrastructure.

"The intrusion, which is specific to this merchant and occurred prior to reaching Heartland’s processing network, is being investigated.

"The intrusion likely occurred in the third-party point-of-sale system used at the merchant location or as a result of other fraud. The Heartland system has not been compromised in any way," Steve Elefant, chief information officer at Hartland, said in a public statement issued by the company.

Following the 2008 incident, when convicted hacker Albert Gonzales used SQL injection to hack into its network and compromise millions of credit cards, Heartland has developed an end-to-end encryption system. However, switching to this more secure platform can prove too costly for some of its smaller customers.

Jeff Nouri, co-owner of Tino's is clearly unhappy with Heartland pointing the finger at his restaurant's PoS system. "I think that's very irresponsible of them to issue a statement like that," Nouri commented for KVUE.