Largest Data Breach Disclosed During Inauguration

rmogull writes "Brian Krebs over at the Washington Post just published a story that Heartland Payment Systems disclosed what may be the largest data breach in history. Today. During the inauguration. Heartland processes over 100 million transactions a month, mostly from small to medium-sized businesses, and doesn't know how many cards were compromised. The breach was discovered after tracing fraud in the system back to Heartland, and involved malicious software snooping their internal network. I've written some additional analysis on this and similar breaches. It's interesting that the biggest breaches now involve attacks installing malicious software to sniff data — including TJX, Hannaford, Cardsystems, and now Heartland Payment Systems." One bit of good news out of this massive breach is that, according to Heartland's CFO, "The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address." Heartland just put up a press release on the breach.

So?

[cdrguru]

OK, this means that many people will now have to cancel their credit card and get a new number. Wow. Maybe 10 minutes of time lost.

Will these people be charged anything? No. Will there be any monetary loss at all to these people? No.

Whom does this hurt the most? Merchants that deliver services over the web without any physical shipment and without adequate verification of the card before delivering to the thief. Anything that involves a physical shipment is likely to be stopped long before it makes it out the door.

But of course this will be talked about as "identity theft" and that it will cost people lots of time and money. Sadly, the FBI now records all credit card fraud as "identity theft" which just makes people like Todd Davis rich.