largest data breach ever

[jakncoke]

The Washington Post has reported that Heartland Payment Systems, a payment processor that services "more than 250,000 businesses," has had more than 100 million transactions compromised via malicious software that was installed on its network; it will likely turn out to be the largest data breach ever reported. The "good" news is that the criminals were only capturing credit card numbers, the names on the cards, and expiration dates—the info encoded onto the magnetic strip on the card. Because no addresses, SSNs or PINs were stolen, the prospect of full-blown identity theft is pretty small—which must explain why Heartland isn't offering any sort of credit monitoring package as compensation. Instead, their CFO says, "We recognize and feel badly about the inconvenience this is going to cause consumers."

What? No credit monitoring offer? Well at least they can tell us which businesses were affected, right? Nope:

Robert Baldwin, Heartland's president and chief financial officer... said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.

Baldwin said it would be unfair to mention any one of his company's customers.

"No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair," he said. "Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know."

It's clear that Heartland is in the business of servicing other businesses, not consumers, and as such they're pretty much pretending we don't exist. The Washington Post also points out that Heartland chose an interesting day to release the news, considering there's a big Obamavent happening to provide distraction.

As for the actual cardholders, you may have already been issued a new card recently without explanation; well, this could be the explanation. Otherwise, your best bet is to closely monitor your accounts for unauthorized activity—which you do already, right?

Record Breaking: Credit And Debit Card Breach May Affect Over 100 Million

heads up, tell your folks, watch your cards. **** just made friends with the fan

[rukisuto]

Well, that's irritating as piss.
No compensation or anything? PFF.

[Trunks]

Hmm, my parents got new cards about 2 months ago. Not sure when this was, but they always watch purchases, because my brother uses to buy gas money.

[LiNuX]

100 million transactions compromised...awesome!

I'm saying its someone working for the company, cuz it's really not easy to install a malware from a remote location. Unless their firewall was broken for a second or two.

[Trunks]

100 million transactions compromised...awesome!

I'm saying its someone working for the company, cuz it's really not easy to install a malware from a remote location. Unless their firewall was broken for a second or two.

yea, but can you get 100 million transactions in a few seconds lol? If it wasn't done locally it would have to at least take 10 minutes or so to get that many. I think it was an inside job also.

[LiNuX]

yea, but can you get 100 million transactions in a few seconds lol? If it wasn't done locally it would have to at least take 10 minutes or so to get that many. I think it was an inside job also.

no i wasn't saying it was done in a few seconds, if the firewall was shut off for a few seconds, it would give someone the chance to connect to the server remotely and install a small software. And the software would stay in the server giving information back to its host even with the firewall on because the firewall blocks mostly External connections, not many internal connections because data has to be sent from one server to another.

And I highly doubt you can strip a database of a 100 million transactions in 10 minutes. This forum has less than a 140,000 Posts, thats a 140,000 different database values. If I download just that table, it'll take me around 10 minutes to download at 1mb/s speed.

A credit card transaction has a LOT more data than any forum post could have, so I am sure it took days for the data to be sent out. They only noticed after a while that the data was compromised and was able to stop it.

Detection also isn't too easy when it comes to dealing with server malware.

[Trunks]

no i wasn't saying it was done in a few seconds, if the firewall was shut off for a few seconds, it would give someone the chance to connect to the server remotely and install a small software. And the software would stay in the server giving information back to its host even with the firewall on because the firewall blocks mostly External connections, not many internal connections because data has to be sent from one server to another.

And I highly doubt you can strip a database of a 100 million transactions in 10 minutes. This forum has less than a 140,000 Posts, thats a 140,000 different database values. If I download just that table, it'll take me around 10 minutes to download at 1mb/s speed.

A credit card transaction has a LOT more data than any forum post could have, so I am sure it took days for the data to be sent out. They only noticed after a while that the data was compromised and was able to stop it.

Detection also isn't too easy when it comes to dealing with server malware.

I see, wasn't thinking about it that way. If it takes that long, I think it still would have to be an inside job. I'm sure that there are people working security just for that reason.

[LiNuX]

I see, wasn't thinking about it that way. If it takes that long, I think it still would have to be an inside job. I'm sure that there are people working security just for that reason.

lol, it was probably someone who deals with the server every day or the server's security - they have the most access to it but we can't really point fingers...Even though i want to.

[CookieMonster]

lol, it was probably someone who deals with the server every day or the server's security - they have the most access to it but we can't really point fingers...Even though i want to.

I'm sure your right, its either an inside man helping some outside people out, or a very large group of people on the outside hacking together as one.