BreachExchange mailing list archives
Heartland Breach went one and half years undetected
From: "Al" <macwheel99 () wowway com>
Date: Tue, 15 Sep 2009 10:57:57 -0500
http://www.govinfosecurity.com/articles.php?art_id=1774 <http://www.govinfosecurity.com/articles.php?art_id=1774&rf=091509eg> &rf=091509eg The ranking member of the Senate Homeland Security and Governmental Affairs Committee told the chief executive of Heartland Payment Systems that she was "astonished" a breach of the company's information system lasted for nearly 1½ years without being detected. [..] Heartland CEO Robert Carr told the panel that Heartland is taking two major steps to prevent this type of breach to reoccur. Working through the Financial Services Information Sharing and Analysis Center, Heartland and other payment processors established Payments Processing Information Sharing, a forum for sharing information about fraud, threats, vulnerabilities and risk mitigation practices. He also said Heartland is working to deploy end-to-end encryption, known as E3, to render data unreadable to outsiders from the point of card swipe. "Our goal is to completely remove payment account numbers of credit and debit cards and magnetic stripe data such as expiration date, service codes and other data, so that it is never accessible in a usable format in the merchant and processor systems," Carr said. Here is a directory of 670 banking institutions, and counting, impacted by the Heartland breach, and where known, the number of credit accounts compromised at each. http://www.bankinfosecurity.com/articles.php?art_id=1200 - Al Macintyre
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Heartland Breach went one and half years undetected Al (Sep 15)