Heartland Breach went one and half years undetected

["Al" <macwheel99 () wowway com>]

http://www.govinfosecurity.com/articles.php?art_id=1774
<http://www.govinfosecurity.com/articles.php?art_id=1774&rf=091509eg>
&rf=091509eg

The ranking member of the Senate Homeland Security and Governmental Affairs
Committee told the chief executive of Heartland Payment Systems that she was
"astonished" a breach of the company's information system lasted for nearly
1½ years without being detected.

[..]

Heartland CEO Robert Carr told the panel that Heartland is taking two major
steps to prevent this type of breach to reoccur. 

Working through the Financial Services Information Sharing and Analysis
Center, Heartland and other payment processors established Payments
Processing Information Sharing, a forum for sharing information about fraud,
threats, vulnerabilities and risk mitigation practices.

He also said Heartland is working to deploy end-to-end encryption, known as
E3, to render data unreadable to outsiders from the point of card swipe.
"Our goal is to completely remove payment account numbers of credit and
debit cards and magnetic stripe data such as expiration date, service codes
and other data, so that it is never accessible in a usable format in the
merchant and processor systems," Carr said.

Here is a directory of 670 banking institutions, and counting, impacted by
the Heartland breach, and where known, the number of credit accounts
compromised at each.

http://www.bankinfosecurity.com/articles.php?art_id=1200

 

-

Al Macintyre

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php