Largest Data Breach In History Tries To Hide Behind InaugurationLargest Data Breach In History Tries To Hide Behind Inauguration
Heartland Payment Systems, a credit card processor out of Princeton, N.J., that mostly supports small and midsize businesses, announced during today's presidential inauguration that it was the victim of a massive data breach that could include more than 100 million credit card numbers.
January 20, 2009
Heartland Payment Systems, a credit card processor out of Princeton, N.J., that mostly supports small and midsize businesses, announced during today's presidential inauguration that it was the victim of a massive data breach that could include more than 100 million credit card numbers.Heartland is a publicly traded company that says it is one of the five largest U.S. credit card processors (in terms of volume), handling more than 4 billion transactions a year and more than 100 million per month. The numbers are staggering, but the full scope of the breach is unknown. The data lost included magnetic stripe content only, and not addresses.
The story first came to light thanks to an article by Brian Krebs over at the Washington Post. The breach is likely so massive that Heartland set up a special Website at www.2008breach.com, which, by nature of sounding like last year's news, also seems like a convenient attempt to additionally obfuscate the seriousness of the situation. While Heartland denies it is attempting to hide the breach behind the inauguration, such denials sound about as sincere as Dick Cheney's congratulating Joe Biden.
Details are scarce, but based on Brian's article and the official press release we can discern some interesting facts about what might have happened. It appears the fraud was initially detected by Visa and MasterCard, then traced back to Heartland (similar to the CardSystems Solutions breach of 2004/2005). Heartland began an investigation, involved law enforcement, and discovered malicious software snooping card numbers on its network.
The installation of malicious software to sniff transactions also appeared in the TJX and Hannaford attacks -- two of the other largest data breaches we've seen. Although lost laptops and other media cause the most breach disclosures, it's clear these directed attacks result in the highest levels of fraud (not that we know for sure, of course, because tracking true fraud back to suspected breaches is always a daunting task, and one made ever more difficult by the lack of disclosure from the involved businesses, banks, and other parts of the payment system).
There are two lessons we should all immediately take from this incident:
1. Installation of malicious software to sniff payment information is an effective form of attack, and we need to evaluate our computers and communications channels on our payment systems to prevent it from happening.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper