[ insider_reports_insider ]
History's Biggest Data Breach Upstaged By Biggest Inauguration
SecurityProNews
Staff Writer
2009-01-21
 Insider Reports RSS Feed
It's a tough line to swallow that Heartland Payment System's announcement about the biggest security breach in history wasn't timed to be effectively drowned out by inauguration buzz-about as hard to swallow as the idea that tens of millions of credit card numbers are essentially useless to those who snagged them.
 | | History's Biggest Data Breach Upstaged By Biggest Inauguration |  |
Let's back up. Yesterday, while all eyes were on Washington, New Jersey based Heartland issued a press release sparsely detailing a security breach affecting tens of millions credit and debit card transactions.
Visa and Mastercard alerted Heartland last week to suspicious transactions stemming from what the company, after investigating, found to be malicious software squatting on its network.
"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," said Robert H.B. Baldwin, Jr., Heartland's president and chief financial officer. "We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."
Heartland, which processes about 100 million transactions monthly for about 250,000 clients, said the stolen data includes names, credit and debit card numbers and expiration dates.
Out of fairness, the company did not release the names of particular affected clients, but about 40 percent are said to be small and mid-sized restaurants across the country. Baldwin emphasized data that was not stolen in the breach, including merchant data, addresses of cardholders, social security or unencrypted PINs, or telephone numbers.
With the information that was grabbed-which was information in the magnetic strip on the back of the cards-fraudsters could forge new credit cards. What's really disturbing though, is what is not known, specifically, "the magnitude of what was grabbed."
Baldwin acknowledged but downplayed the possibility that the thieves could use the information for online transaction, especially with lack of addresses, and emphasized that identity theft would not be possible in these cases.
Heartland created a website-www.2008breach.com-for FAQs and apologies about the breach, but little information other than what was in the press release is offered.
When doubt was cast as to the timing of the announcement, Baldwin cited legal processes and discussions for delaying the announcement sign-off, and that a one-day delay was rejected in the interest of full transparency.
View All Articles by SecurityProNews
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
