In 2008, attackers used SQL injection to breach Heartland Payment Systems, a payment processing company. They stole 130 million credit and debit card numbers. The breach cost Heartland over $140 million in settlements and fines. The CEO described it as an "international cybercrime ring." The technical execution was