
Risk

1/20/2009 07:42 PM
Keith Ferrell
Commentary

Record Breach! Heartland Leak May Affect Millions Of Credit Records

Credit card processor Heartland Payment Systems admitted today that a 2008 malware-caused breach may have compromised millions -- maybe tens of millions -- of credit card records, including card holder names and card numbers. Early reports are that the breach was caused by a keystroke logger inside Heartland's network.

Heartland Payment Systems, one of the largest transaction processors in the world, got tagged by a malware infestation, the company admitted today. A keylogger was discovered in the company's network.

The company's announcement of the breach came (probably not by accident) while the focus of the nation was on the inauguration, hundreds of millions of citizens with their eyes on Washington, unaware that a sizeable percentage of them may have had their credit card numbers grabbed by cyber crooks.

Heartland is that big, handling 100 million transactions a month for a quarter million businesses.

Heartland was quick to point out that there's no evidence that Social Security numbers, addresses or phone numbers, or merchant data were compromised. Few other details have been forthcoming.

This one is big for small and midsize businesses for a couple of reasons.

For one, you count on processors to handle transactions for you and your customers, and one of the things you count on is absolute security. This wasn't a bonehead unsecured network breach like the TJX (TJMaxx) leak a while back. This was a keystroke logger inside Heartland's network. How did it get in there and how long did it log before discovery?

For another, Heartland's handling of the announcement lives up to all the bad moves big companies make when they screw up: no banner or information-pointer on the company's homepage. You have to dig into the investor relations page, then go to press releases, then call up the announcement.

(You can lose some time looking: I came across a "Letter From CEO" [sic] but it was a recruitment pitch.)

In fact, the most prominent item on the home page is an announcement that Heartland is changing its look... and the future of payments. Ya think?

These things always sprawl, and there are always more revelations that should have been made public on page one on day one. The comment in the company's announcement that "Heartland believes the intrusion is contained" is hardly reassuring.

So watch this space for future developments and revelations.

I for one am going to be very interested in the explanation of just how a keylogger got inside Heartland's network in the first place.
