U.S. credit card payment clearance house Heartland Payment systems reported today that its data banks were hacked sometime in the past year by cyber crooks who may have gained access to millions of credit card numbers.

The breach reportedly affects transactions within calendar year 2008, within the U.S. but foreign visitors who used their VISA or MasterCard cards while in the U.S. at that time may also be at risk.

Robert H.B. Baldwin Jr., President and CFO of Heartland told CNet News, he had no hard information on how many credit and debit cards may have had their information exposed. Rather, he says, “The question is what percentage of transactions did the malware capture and what percentage got out to the bad guys?”

Baldwin also said that Heartland isn’t sure when the cyber attack took place, but did confirm that it was discovered last week. He added that he believes the intrusion has now been contained. Baldwin also offered the opinion, shared by Heartland’s IT experts and a team of IT auditors who discovered the intrusion, that the breach was perpetrated by sophisticated international organized cyber criminals.

On the bright side, Heartland says no merchant data, cardholder Social Security or SIN numbers, unencrypted PINs, addresses or telephone numbers were exposed — only card numbers.

Even more importantly, Baldwin confirmed that innocent cardholders whose card numbers were stolen won’t be held responsible for for fraudulent charges.