RSS Alerts

Related Stories

  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • Do Punishments Fit the Cybercrime?
    Although some collaborative strides have been made, the international law enforcement community still lacks sufficient resources and skills to have substantial impact on the cybercrime juggernaut. The (ISC)² U.S. Government Advisory Board examines deterrent effects of recent high-profile prosecutions, legislative gaps, challenges in US cybercrime laws, and obstacles facing international law enforcement strategies.
    Members' Content
  • A Breach too Far
    How much do data breaches really damage organizations financially – and why don’t we want to hear about it? Danny Bradbury investigates
  • Outsourcing information security could be a risky business
    Over the past two decades, outsourcing and offshoring have become central to the business strategy of many organizations. The ongoing race to cut costs has resulted in mass migrations of whole industry sectors from low-cost regions to lower- cost ones, benefitting one and often distressing another - and the information security industry is no exception. Krag Brotby reports.
  • Weekly brief, January 25, 2010
    Infosecurity rounds up the week's news

News

Heartland Discovers Card Heist

26 January 2009

Payment processing company Heartland Payment Systems was red-faced last week after the disclosure of a data breach that took place in 2008.

 

Both Visa and MasterCard alerted the company of suspicious activity concerning processed card transactions, said Heartland. After putting a team of forensic auditors on the case, it found malicious software that had been inserted into its network to sniff data.

The company said that no merchant data had been compromised, and that no cardholder social security numbers, addresses or telephone numbers were involved in the breach. There were no unencrypted personal identification numbers lost either, it said. That still leaves credit card numbers, and customer names as potentially exposed, but the company has given out no further information. It is not yet known how many card numbers processed by the company's 250 000 merchant clients may have been affected. However, reports of suspicious credit card activity already appearing in the press last week.

"We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice," the company said in a statement on a website set up to inform customers about the breach.

 

This article is featured in:
Business Continuity and Disaster Recovery Compliance and Policy Data Loss IT Forensics

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water