Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Largest Data Breach In History Tries To Hide Behind Inauguration

Heartland Payment Systems, a credit card processor out of Princeton, N.J., that mostly supports small and midsize businesses, announced during today's presidential inauguration that it was the victim of a massive data breach that could include more than 100 million credit card numbers.

Heartland Payment Systems, a credit card processor out of Princeton, N.J., that mostly supports small and midsize businesses, announced during today's presidential inauguration that it was the victim of a massive data breach that could include more than 100 million credit card numbers.Heartland is a publicly traded company that says it is one of the five largest U.S. credit card processors (in terms of volume), handling more than 4 billion transactions a year and more than 100 million per month. The numbers are staggering, but the full scope of the breach is unknown. The data lost included magnetic stripe content only, and not addresses.

The story first came to light thanks to an article by Brian Krebs over at the Washington Post. The breach is likely so massive that Heartland set up a special Website at www.2008breach.com, which, by nature of sounding like last year's news, also seems like a convenient attempt to additionally obfuscate the seriousness of the situation. While Heartland denies it is attempting to hide the breach behind the inauguration, such denials sound about as sincere as Dick Cheney's congratulating Joe Biden.

Details are scarce, but based on Brian's article and the official press release we can discern some interesting facts about what might have happened. It appears the fraud was initially detected by Visa and MasterCard, then traced back to Heartland (similar to the CardSystems Solutions breach of 2004/2005). Heartland began an investigation, involved law enforcement, and discovered malicious software snooping card numbers on its network.

The installation of malicious software to sniff transactions also appeared in the TJX and Hannaford attacks -- two of the other largest data breaches we've seen. Although lost laptops and other media cause the most breach disclosures, it's clear these directed attacks result in the highest levels of fraud (not that we know for sure, of course, because tracking true fraud back to suspected breaches is always a daunting task, and one made ever more difficult by the lack of disclosure from the involved businesses, banks, and other parts of the payment system).

There are two lessons we should all immediately take from this incident:

    1. Installation of malicious software to sniff payment information is an effective form of attack, and we need to evaluate our computers and communications channels on our payment systems to prevent it from happening.

    2. Trying to hide a major breach during one of the most important days in recent history still won't keep you out of the headlines, and appears more pathetic than calculated.

We have not confirmed Heartland's PCI certification status.

Rich Mogull is founder of Securosis LLC and a former security industry analyst for Gartner Inc. Special to Dark Reading. Rich has twenty years experience in information security, physical security, and risk management. He specializes in cloud security, data security, application security, emerging security technologies, and security management. He is also the principle course designer of the ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16219
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16221
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16223
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16225
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16227
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute a...