Slashdot Mirror

← Back to Stories (view on slashdot.org)

Three Indicted In Huge Identity/Data Breach

Posted by kdawson on from the hoping-you-didn't-charge-that-slurpee dept.

ScentCone and other readers let us know about an indictment just unsealed in federal court for stealing 130 million credit cards and other data useful in identity theft, or just plain money theft. The breaches were at payment processor Heartland (accounting for the bulk of the 130M), Hannaford, 7-11, and two unnamed "national retailers." Interestingly, the focus of the indictment, Albert "Segvec" Gonzalez, is currently awaiting trial for masterminding the TJX break-in, which until Heartland counted as the largest credit-card theft ever. The indictment cites SQL injection attacks as the entry vector. Two unnamed Russia-based conspirators were also indicted. Securosis has analysis of the security implications of the breach ("These appear to be preventable attacks using common security controls. It's possible some advanced techniques were used, but I doubt it") and the attackers' methodology.

2 of 101 comments (clear)

  1. Re:Hate to say it... by Anonymous Coward · · Score: 3, Informative

    That's only relevant to the end stores that need payment processing. The rules, of course, do not apply to the big name at the top.

  2. The 1990's called ... by DrJimbo · · Score: 3, Informative

    They want their SQL injection attack back. I would imagine that the companies involved had to put forth a huge recruitment effort in order to find people competent enough to create a working site and yet clueless enough to allow SQL injection.

    --
    We don't see the world as it is, we see it as we are.
    -- Anais Nin