Heartland Payment Systems Breach Followup

Banks and credit unions all across the country have been shutting off credit/debit cards and reissuing them. Heartland Payment Systems has been sued by several companies, banks, and individuals. Interestingly, Heartland was compliant with the PCI standards of the day. Heartland has now beefed up its security above and beyond the PCI specs. Whether it will be enough to keep it afloat as a company remains to be seen. In 2005, CardSystemsSolutions, a major payment processor, folded after its breach of 40 million credit card accounts were compromised; the Heartland breach is measured in the hundred million range.
And the stolen card numbers are showing up. Already there have been arrests, where card numbers appeared in Visa and MasterCard gift cards. Those arrested, though, do not appear to be the masterminds behind the breach, just criminals who purchased the numbers. Authorities suspect an Eastern European group behind the break-in at Heartland.
 As the banking industry has been trying to respond to the massive Heartland Payment Systems breach, word is out that another payment card processing company has been breached, with a very similar technique. Quite probably, the same group behind the Heartland Breach is responsible for this one. So far, the card processing company has not been identified, nor has the scope of the breach, but Visa authorities say that all card brands have been affected and that a significant number of cards have been compromised. Early reports indicate that the cards were exposed from February 2008 to January 2009. Forensic investigation is continuing.

Comments

Post a Comment

Popular posts from this blog

Equifax Provides More Details of Hacked Data

In a recent letter to several congressional committees, Equifax shared that out of the 146+ million records that were hacked in last year's breach: all contained consumers' dates of birth,  nearly all contained Social Security Numbers,  99 million had address information,  209,000 contained credit card data including expiration dates,  38,000 contained driver's license info, 3,200 contained passport information. While some identity fraud incidents have been traced back to the Equifax breach, most of these records have not yet been used in a fraud.  However, since the data is not likely to change (other than credit card info), it is assumed that eventually the stolen information will be sold in the dark web and misused.  Just a matter of time.  My advice: do what you can to minimize your exposure and certainly stay on top of your credit reports, but since things like passports, driver's licenses, and Social Security Numbers can be used in non-financial identity
Read more

Orbitz Reveals Breach Of 880,000

Orbitz, a division of Expedia, has announced it was hacked last October, 2017, revealing credit card information of 880,000 customers, including names, birth dates, mailing and email addresses, dated between January and June, 2016. The current Orbitz website was not hacked, according to the company. One article on the breach: http://www.zdnet.com/article/orbitz-says-hacker-stole-customer-data/
Read more

Should I Be Concerned About Criminal Identity Theft?

As I mentioned in a previous post, I've found that most people equate ID theft only with their finances -- their bank and credit accounts.  They don't see a need for paid protection services, relying instead on bank- or card- or insurance-provided free services.  Or they put fraud alerts on their credit report every three months. While useful, these free services rarely look beyond the finances or offer much in the way of restoration.  I advise people to get all of the reliable free coverage they can, but recognize their limitations, and understand that real identity theft is much more than their finances. Take for example something called criminal identity theft.  This is where someone pretends to be someone else, hiding their own identity, when caught in the act of a crime, such as illicit drug dealing or breaking and entering.  Often this is pulled off by first obtaining driver's license info either through direct theft or through a breach and then modifying it with
Read more