ANTenna Blog -- Security
Record Breach! Heartland Leak May Affect Millions Of Credit Records
Posted by Keith Ferrell Tuesday, Jan 20, 2009, 07:42 PM ET
Credit card processor Heartland Payment Systems admitted today that a 2008 malware-caused breach may have compromised millions -- maybe tens of millions -- of credit card records, including card holder names and card numbers. Early reports are that the breach was caused by a keystroke logger inside Heartland's network.
Heartland Payment Systems, one of the largest transaction processors in the world, got tagged by a malware infestation, the company admitted today. A keylogger was discovered in the company's network
The company's announcement of the breach came (probably not by accident) while the focus of the nation was on the inauguration, hundreds of millions of citizens with their eyes on Washington, unaware that a sizeable per centage of them may have had their credit card numbers grabbed by cyber crooks.
Heartland is that big, handling 100 million transactions a month for a quarter million businesses.
Heartland was quick to point out that there's no evidence of social security, address or phone number, or merchant data was compromised. Few other details have been forthcoming.
This one is big for small and midsize businesses for a couple of reasons.
For one, you count on processors to handle transactions for you and your customers, and one of the things you count on is absolute security. This wasn't a bonehead unsecured network breach like the TJX (TJMaxx) leak awhile back. This was a keystroke logger inside Heartland's network. How did it get in there and how long did it log before discovery?
For another, Heartland's handling of the announcement lives up to all the bad moves big companies make when they screw up: no banner or information-pointer on the company's homepage. You have to dig into the investor relations page, then go to press releases, then call up the announcement.
(You can lose some time looking: I came across a "Letter From CEO" [sic] but it was a recruitment pitch.)
In fact, the most prominent item on the home page is an announcement that Heartland is changing it's look... and the future of payments. Ya think?
These things always sprawl and there are always more revelations that should have been made public on page one on day one. The comment in the company's announcement that "Heartland believes the intrusion is contained." is hardly reassuring.
So watch this space for future developments and revelations.
I for one am going to be very interested in the explanation of a just how a keylogger got inside Heartland's network in the first place.
Security
Business & E-Business
| Finance/Accounting
| Finance/Banking/Insurance
| Retail
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
- Phone Systems Guide - What kind of phone system is right for your business
- Web Design Guide - What to look for in a Web designer
- Merchant Services Guide - Credit card processing and more
- Online Marketing Guide - Leverage the Net to market your business
- Alternative Financing Guide - How to find the cash your business needs
- View all guides
Explore ANTenna Blog
Most Recent Posts
- Why Google Buzz Could Be A Bust For SMBs
- Nasuni Offers Cloud-Based Primary Storage
- Automobiles: The Next Network Security Challenge?
- Cachengo Rolls Out Appliance + Cloud Storage Option
- For SMBs, PayPal Could Mean Risky Business
ANTenna Blog Topics
- Apple
- Backup
- bMighty
- Business & E-Business
- Business Continuity
- Cloud Computing
- Company Size: 1,100-1,500
- Company Size: 250-999
- Company Size: 50-249
- Company Size: 1-49
- Disaster Recovery
- Economics
- Education
- Entrepreneurs
- Finance/Accounting
- Finance/Banking/Insurance
- Government
- Green Business
- Hardware & Software
- Healthcare
- Hospitality
- How-To
- HR
- Imaging How-To
- International
- Internet/Web
- iPhone
- IT
- Linux
- Management
- Manufacturing/Mining
- Messaging
- Mobile
- Networking & Communications
- Non-Profit
- Open Source
- Operations
- Piracy
- Printers/Printing
- Professional/Creative Services
- Retail
- Unified Communications
- Sales/Marketing
- Start-Ups
- Security
- Server How-To
- Services
- Social Networking
- Software-as-a-Service
- Storage
- Strategy/Analysis/Biz Dev
- Technology/Telecom
- The rANT
- Transportation
- Travel
- Windows
- Web 2.0
- Women in Business
ANTenna Bloggers
ANTenna Blog Roll
- ANTenna Archive
- Ars Technica
- Business Know-How
- ChannelWeb Hot Topics
- ChannelWeb The Chart
- Datamation
- Duct Tape Marketing
- The Entrepreneurial Mind
- Freakonomics
- GigaOmNet
- Guy Kawasaki
- Inc.com
- IT Organization Management
- IT Manager's Journal
- IT Toolbox
- LifeHacker
- Mashable
- MonkeyBrains
- Network Computing Blog
- Scott Berkun
- Search Engine Land
- Search Engine Watch
- SmallBizResource
- SmallBizTechnology.com
- SmallBusinessHub
- Small Business Trends
- TechCrunch
- Technologizer
- Tech Republic
- The Secret Diary of Steve Jobs
- USA Today Small Biz Connection
- Valleywag
- Walt Mossberg Feed - All Things Digital
- Web Worker Daily
- WorkHappy.net
- WSJ's Business Technology
InformationWeek SMB email newsletter!
Browse by Category
IW SMB Tech
Term Of Day:
Boost your tech
vocabulary!
InformationWeek SMB's
TechEncyclopedia
defines more than
20,000 IT terms.
FREE Technology Services Locator!
Search our database of 200,000 solution- provider locations by business activity, technology, vertical market, and customer size. Find a technology partner NOW.
go
|
