More on Heartland

Many experts continue to speculate on why it took so long for Heartland to identify and disclose the breach. According to the Storefront Backtalk report, the payment processor revealed the breach was first discovered in late October or early November, whereas previous statements indicated that it was only in the fall. The company has had two outside forensics teams and the Secret Service working on the problem for more than two months, and yet the “sniffer” software used to collect the data was located only last week.

Heartland Breach

Heartland Payment Systems acts as a payment gateway for credit card transactions for over 250,000 businesses. At some point a sniffer was installed in their data center intercepting all transactions. Some media outlets are calling this the “largest data breach ever”. They process “100 million credit card payments a month and more than 4 billion transactions per year” but currently have no idea when the malicious software was installed.

Massive World Bank Comprimise

FoxNews (not one of my normal news sites… I promise) just posted a story entitled “World Bank Under Cyber Siege in ‘Unprecedented Crisis’“. The details are fairly chilling and include some amazingly upbeat quotes like… “While it remains unclear how much data has been pilfered from the bank, it’s a lot. According to internal memos, […]

geeks.com comprimise

The folks at consumerist (excellent site, btw) just posted a copy of the disclosure letter geeks.com (aka computergeeks.com) sent to customers informing them that their credit card data may be compromised. A few items that concerned me about the disclosure are… Genica Corporation dba Geeks.com 1890 Ord Way Oceanside, CA 92056 January 4, 2008 [snip] […]

This Week in Links: 12/31/07 – 1/6/08

Best of 2007 Gizmodo’s Most Popular Hits of 2007 LifeHacker.com – The Best of 2007 Roundup Break diabetes medicine.com – Top 10 Internet Videos of 2007 arstechnica.com – 2007: The year in review Search Security – Top 10 Security Headlines of 2007 Tech IANA and ICAN rolling out IPV6 on Root Name Servers Security Business […]

Texas County Clerks Want to be Above the Law on Data Privacy

In case you haven’t been following security and privacy related news, last week Texas Attorney General Greg Abbot ruled that exposing SSNs in public documents violates state and federal laws. To me, this is common sense and good news for the common good of everyone in Texas. Why would you want anyone printing your social […]

Help! My Identity Has Been Thefted… Again!

Well, not really.  This time it was only my debit card. I received word, last Saturday evening, from bank (National City) that my debit card had been used for a ‘card-in-hand’ transaction at a gas station in Canada (they made a physical card containing my debit card information on the back strip).  The women from […]