Slashdot Mirror


Largest Data Breach Disclosed During Inauguration

rmogull writes "Brian Krebs over at the Washington Post just published a story that Heartland Payment Systems disclosed what may be the largest data breach in history. Today. During the inauguration. Heartland processes over 100 million transactions a month, mostly from small to medium-sized businesses, and doesn't know how many cards were compromised. The breach was discovered after tracing fraud in the system back to Heartland, and involved malicious software snooping their internal network. I've written some additional analysis on this and similar breaches. It's interesting that the biggest breaches now involve attacks installing malicious software to sniff data — including TJX, Hannaford, Cardsystems, and now Heartland Payment Systems." One bit of good news out of this massive breach is that, according to Heartland's CFO, "The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address." Heartland just put up a press release on the breach.


  1. WTF??? by canUbeleiveIT · · Score: 1, Insightful
    Brian Krebs over at the Washington Post just published a story that Heartland Payment Systems disclosed what may be the largest data breach in history. Today. During the inauguration.

    WTF??? What does the inauguration have to do with this? I suggest we go back to all Slashdot stories and insert what happened on that day. Examples:

    * Researcher says Linux is better than Windows on Friendship Day.
    * Researcher says Linux is better than Windows on Fall Equinox.
    * Researcher says Linux is better than Windows on Kwanzaa.

    1. Re:WTF??? by EvanED · · Score: 5, Insightful

      I would say it may have quite a lot to do with it... it's either a pretty big coincidence, or they are trying to bury the news by releasing it when the networks actually have something else to report on.

      What's your bet on?

    2. Re:WTF??? by oldspewey · · Score: 5, Insightful

      Today. During the inauguration. WTF??? What does the inauguration have to do with this?

      Well, somebody who is inclined toward cynicism might conclude that the company deliberately chose to release this information when public attention would be diverted elsewhere.

      --
      If libertarians are so opposed to effective government, why don't they all move to Somalia?
    3. Re:WTF??? by idontgno · · Score: 5, Insightful

      [Heartland Payment Systems President and CFO] Baldwin said Heartland worked to disclose the breach last week.

      "Due to legal reviews, discussions with some of the players involved, we couldn't get it together and signed off on until today," Baldwin said.

      "Legal reviews": "Holy crap, we're gonna get our butts sued off if this breach becomes a big news story! You have to delay this until we can start a war or something to distract the press!"

      "Will the inauguration hype of the first African-American President of the United States work as a distraction?"

      "Brilliant!"

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    4. Re:WTF??? by Ambiguous+Coward · · Score: 2, Insightful

      My comments were based on the article itself. What more do you expect? The article claims the disclosure occurred during the inauguration. Regardless, waiting for inauguration day is "interesting" enough.

      Also, just a little heads up: "nothing to do with reality" and "incorrect on the point of exact timing" are not synonymous. It will help lend credence to your position in the future if you learn the difference.

      --
      Their may be a grammatical error, misspeling, or evn a typo in this post.
    5. Re:WTF??? by Nathan+Baum · · Score: 2, Insightful

      I'm surprised that a UK official got in trouble for saying 9/11 was a good day to get rid of bad news

      She didn't get in trouble for saying it; she got in trouble because the media found out she said it.

  2. Missing Address by wiz31337 · · Score: 4, Insightful

    "The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address," Baldwin said.

    Because as we all know it is impossible to get someone's address by having only their full name and credit card number.

    They are trying to downplay a very serious incident by disclosing the breach on a day heavily focused on the inauguration. Then they have the nerve to say "don't worry they didn't get your address" as if to say someone smart enough to embed malicious software which gathers credit card numbers is not smart enough to find someone's address. Come on!

    --
    /whisper/ Thanks for the candy!
  3. solution to CC breaches .. by rs232 · · Score: 5, Insightful

    What's needed is a totally new kind of online financial transaction system. One that doesn't use card numbers. A dongle on the client connects to the server, generates a one-time session key, identifies itself to the server and displays a random PIN code, the customer then types it in to verify the transaction. The session is encrypted and the data sent can only be used for the one transaction, no repeat man-in-the-middle hacks ..

    --
    davecb5620@gmail.com
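
The scheme sketched in the last comment, as an added example that is not part of the original thread: a per-device secret replaces the card number, and the PIN the dongle displays is bound to one server nonce and one transaction, so a sniffed value cannot be reused. The `Dongle` and `Server` classes, the HMAC-SHA256 derivation and the 6-digit truncation are assumptions made for illustration; the nonce stands in for the comment's "one-time session key".

```python
import hashlib
import hmac
import secrets


def derive_pin(device_key: bytes, nonce: bytes, merchant: str, amount_cents: int) -> str:
    """6-digit code bound to one nonce and one transaction's details."""
    msg = b"|".join([nonce, merchant.encode(), str(amount_cents).encode()])
    digest = hmac.new(device_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class Dongle:
    """Hypothetical client token: holds a device secret, never a card number."""
    def __init__(self, device_id: str, device_key: bytes):
        self.device_id, self._key = device_id, device_key

    def display_pin(self, nonce: bytes, merchant: str, amount_cents: int) -> str:
        return derive_pin(self._key, nonce, merchant, amount_cents)


class Server:
    """Hypothetical issuer side: tracks device secrets and pending transactions."""
    def __init__(self):
        self._keys = {}     # device_id -> device secret
        self._pending = {}  # nonce -> (device_id, merchant, amount_cents)

    def enroll(self, device_id: str) -> Dongle:
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        return Dongle(device_id, key)

    def start_transaction(self, device_id: str, merchant: str, amount_cents: int) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh per transaction
        self._pending[nonce] = (device_id, merchant, amount_cents)
        return nonce

    def confirm(self, nonce: bytes, pin: str) -> bool:
        # pop() makes the nonce single-use, even after a failed attempt,
        # so a captured (nonce, pin) pair cannot be replayed.
        pending = self._pending.pop(nonce, None)
        if pending is None:
            return False
        device_id, merchant, amount_cents = pending
        expected = derive_pin(self._keys[device_id], nonce, merchant, amount_cents)
        return hmac.compare_digest(expected, pin)  # constant-time compare
```

A real deployment would also rate-limit PIN attempts per device, since a 6-digit code is only as strong as the number of guesses allowed.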