Current Insight Community Cases

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Navigating The New Business World After This Recession

Shut Us Up

-- For Only $100 Million

Brought to you by Floor64 and the Techdirt crew.

stories about: "heartland payment systems"
Scams

Scams

by Mike Masnick

Tue, Aug 18th 2009 5:42am


Filed Under:
albert gonzalez, breach, credit cards

Companies:
heartland payment systems, tjx



Looks Like The Guy Who Set The Record For Largest Credit Card Breach Was Breaking His Own Record

from the raising-the-bar dept

Back in January, we noted that it looked like there might be a new winner in the battle to see who was responsible for the largest ever credit card breach. Until that time, the honor had gone to a series of department stores owned by TJX (TJ Maxx, Marshalls, etc.). That involved info on 94 million credit card holders. Not bad. But the newer deal, involving Heartland Payment Systems appeared to effect well over 100 million. Now, you may have seen the news reports this week that have upped that total to 130 million, as part of the announcement of indictments against three individuals for illegally accessing the data. But, what's fascinating is that the one guy in custody, Albert Gonzalez, was already in custody for his role in the TJX hack (along with some other retailers). Oh, and there's also the tidbit about how he was a government informant, handing over info on (you guessed it) the underworld involved in stolen credit card numbers.

9 Comments | Leave a Comment..

 
Scams

Scams

by Mike Masnick

Tue, Jan 20th 2009 5:01pm


Filed Under:
credit cards, security breach

Companies:
heartland payment systems



May Have A New Winner In The Largest Security Breach Ever Department

from the and-it-will-get-larger,-I'm-sure dept

In the past, we've joked about how with pretty much every security breach, there's an initial estimate of the damage done, followed much later by a second report that admits the breach impacted many more people. It happened with the VA. It happened with Choicepoint. And, it happened with TJX, who raised the bar on being the worst security breach ever not once, but twice to impact nearly 94 million people. Who could top that?

Step up to bat, Heartland Payment Systems. Chris writes in to point out that Heartland appears to have picked a pretty good day to announce a security breach that may impact over 100 million people. Everyone's off paying attention to the inauguration, so they might miss the news as it comes out today -- but they're likely to hear about it soon enough. It appears that Heartland's own computers were infected with malware which passed on information about transactions to some scammers.

Heartland is now claiming that this really isn't that big a deal, because personal information wasn't included in the breach -- meaning the data was useful for creating new cards with bogus data, but not useful for "card not present" transactions such as internet transactions or creating fake cards of real people. Because of this, Heartland doesn't think that it should need to offer credit monitoring services to impacted users, which has become the somewhat standard penance for those caught leaking credit card info.

Of course, some are already questioning the timing of announcing the breach. Considering they figured out what happened a week ago, it does seem a bit of interesting timing to wait until the inauguration was underway to disclose this information.

Still, given the history of so many earlier breaches turning out to be much worse later on, what's the over-under on the next announcement about how much worse this breach actually was?

15 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Tuesday

1:56pm: Jury Says Fictional Character Can Be Libelous (28)
12:44pm: Spam King Alan Ralsky Gets Four Years In Jail (27)
11:39am: Publishers Getting The Wrong Message Over eBook Piracy (39)
10:28am: Calling For An Independent Invention Defense In Patents (26)
9:12am: Microsoft Tries To Silence Revelation Of Bing Cashback Flaws; Leads To Revelation Of Other Problems (41)
8:03am: Don't Blame Facebook For Some Kids Beating Up Another Student (61)
6:46am: Hulu Telling Sites To Stop Embedding So Much (44)
5:00am: Once Again, If The Gov't Has Data, It Will Be Abused (42)
2:53am: As Expected, Social Networking Generation Running For Office Face Their Permanent Record Online (31)
12:55am: IMAX Sues Cinemark For Building Competing System... While Being An IMAX Customer (14)

Monday

10:26pm: Filmmaker Allowed To Use The Name Rin Tin Tin To Describe Rin Tin Tin (6)
8:25pm: Senators Begin Questioning ACTA Secrecy (32)
6:34pm: Brazil E-Voting Machines Not Hacked... But Van Eck Phreaking Allowed Hacker To Record Votes (15)
5:08pm: FCC Doesn't Think The Lack Of Competition Is A Major Barrier To Broadband? (36)
3:49pm: Heads Of Major Movies Studios Claiming They Just Want To Help Poor Indie Films Harmed By Piracy (47)
2:38pm: USPTO Convinced By Amazon That Online Gift Giving Patent Is Legit (19)
1:31pm: Tiburon Approves Recording Every Car That Enters/Leaves... Despite More Evidence Of Traffic Camera Abuse In UK (90)
12:18pm: Label Exec Arrested For Not Using Twitter To Disperse Crowd At Mall To See Singer (53)
11:01am: Spanish Court Dismisses Complaint From Nintendo Against Counterfiet DS Cartridges, Since They Add Functionality (12)
9:55am: Dear PR People: If Your Exec Has A Comment, Our Comments Are Open (25)
8:44am: What Kind Of Mickey Mouse (And Donald Duck) Lawsuits Are These? (23)
7:30am: Prosecutors Ending Lawsuit Against Lori Drew (13)
6:06am: Dear Rupert: You Don't Succeed By Making Life More Difficult For Users (70)
4:20am: ESPN Writer Suspended From Twitter (59)
2:10am: School Can't Handle Critical Community Message Board; Sends Legal Nastygram (21)

Friday

7:39pm: Liberian Laws Are A Secret Due To Copyright; Even The Gov't Doesn't Have Them (43)
6:56pm: Lily Allen: It's Ok To Sell My Counterfeit CDs, Just Don't Give My Music For Free (97)
6:10pm: EFF Looks To Bust Bogus Podcasting Patent; Needs Prior Art (34)
5:28pm: Google Blocking Set Top Boxes From Showing YouTube Unless They Pay Up? (65)
4:44pm: Entertainment Industry: Yes, Please Keep Negotiating Secret Copyright Treaty To Save Our Asses (43)
More arrow
Quick Links
Close
E-mail It