Thursday, January 22, 2009

There are a lot of stories on the HPS breach. A small sampling follows.



Perhaps another wave of panic in the financial industry?

http://www.databreaches.net/?p=832

Two credit unions report debit card misuse linked to Heartland breach

Posted January 21st, 2009 by admin

Yesterday, we reported that Piedmont Credit Union in North Carolina had reported that 15 of its members were reporting fraudulent use of their Visa-issued debit cards, mostly at gas stations in Florida. We also reported that Oregon Territory Federal Credit Union members were reporting misuse of their debit cards. At the time of the initial reports, neither credit union was able to identify the source of the breach.

Now Piedmont has issued a statement on its site linking their breach to the Heartland breach. Although the statement does not name Heartland, a spokesperson confirmed to me that it was Heartland being referred to in their announcement.

A spokesperson for Oregon Territory also informs me that they have determined that their breach and fraud reports were also due to the Heartland breach.

In a third credit union breach, a spokesperson for Franciscan Skemp Credit Union informs me that they are as yet unable to determine if the Heartland breach was responsible for their reports, but that approximately 60 members have reported debit card fraud starting at the beginning of December. In their case, most of the fraudulent activity occurred at California retail merchants and gas stations.

Heartland’s initial press release did not indicate that it was arranging for any credit monitor or ID theft restoration services for those affected, and they have not yet responded to an inquiry as to whether they will arrange for such services in light of reports that there has been fraudulent use linked to the breach.

[small update: PCU's newest statement on their site names Heartland as the source of their breach.]


Replacing cards, even with no direct evidence of fraud, suggests they are taking this very seriously.

http://www.databreaches.net/?p=206

Maine banks checking for impact from data theft (Heartland Payment Systems follow-up)

Posted January 21st, 2009 by admin

Tux Turkel reports:

Maine banks and credit unions were scrambling this morning to assess the scope of a nationwide data breach involving credit and debit cards.

[...]

It was not immediately clear whether Maine customers had been victims of fraud related to the Heartland breach, but some banks were making plans to reissue cards, just to be safe.

Kennebunk Savings Bank has 7,000 MasterCard accounts that potentially could have been compromised. The bank decided this morning that it will send new cards to customers, although it hadn’t gotten any reports of misused cards.

Other banks were waiting for more information, to assess whether their customers were at risk. Bangor Savings Bank, which has 70,000 Visa cardholders, said its internal fraud-detection software had so far not detected any problems. For now, the bank isn’t planning to reissue new cards for all customers.

[...]

Read more in Portland Press Herald


Analysis and commentary: I still think someone should write an article explaining how to write a press release for security breaches.

http://breachblog.com/2009/01/21/heartland.aspx?ref=rss

Heartland Payment Systems breach could be massive

Date Reported: 1/20/09

Organization: Heartland Payment Systems

Number Affected: Unknown, "the company is not yet ready to disclose the number of credit card accounts affected"**

**"Heartland handles over 4 billion transactions per year", Source: Heartland Company History

[Evan] I have to say that this is one of the worst press releases I have ever read announcing a breach. I'll comment below.


Related: Another form of misinformation (misdirection?) with no way small businesses can clear their name. (Another job for the class-action lawyers?)

http://www.databreaches.net/?p=855

Customer Says Local Bank Warned Of Potential Security Breach

Posted January 21st, 2009 by admin

Curiouser and curiouser… Forcht Bank’s spokesperson originally told a news source that they had been told by First Data Corporation that a breach involving 8,500 debit cards was due to a retail merchant. Subsequent news stories indicated that Forcht’s breach was part of the Heartland Payment Systems breach. A request for clarification from Forcht was not answered. Now we see another bank that informed its customers that they were recently told that a breach involved a retail merchant. Is there really another breach that involved a merchant or were attributions to a merchant erroneous?

The First Commonwealth Bank sent a letter to customers recently after they were notified by MasterCard of a security breach by a retail merchant.

The trouble, one customer said, is that the bank won’t tell customers which merchant was breached.

Read more on WPXI


Is this the underlying cause of smaller breaches reported earlier?

http://www.databreaches.net/?p=764

Two incidents — or three? And one gang — or more?

Posted January 21st, 2009 by admin

First we learned of a breach at RBS WorldPay detected on November 10th that resulted in fraud on at least 100 accounts.

Yesterday we learned of a breach at Heartland Payment Systems that presumably was going on during the fall and that has already been blamed for fraud in approximately 85 cases.

And in-between, we learned of mysterious micro-charges on thousands or millions of debit card and credit card statements that began in mid-November.

Are they all connected? Is there one large cybercrime outfit hitting the payment processors, or is there more than one group responsible for the two large breaches and the micro-charges incident?

Whether Heartland turns out to be the single biggest breach of all times is almost secondary to the larger issue of the state of security or lack thereof. In a recent analysis of 2008 breach data, I disagreed with any suggestion that the financial sector was the most proactive and raised the concern that the financial sector was not keeping pace with threats. It seems somewhat prophetic now. By the end of 2009, what will the figures for the financial sector look like if we could actually get the numbers on number of accounts accessed, etc.? Will 2009 be to the financial sector what 2006 was to the government sector or 2007 and 2008 to the business sector?



...and now for something completely different. The article reads like a chapter from “The Gang That Couldn't Shoot Straight” (This happened in 2004)

http://www.databreaches.net/?p=859

UK: Hackers tried to steal hundreds of millions from bank, court told

Posted January 22nd, 2009 by admin

David Brown reports:

An international gang plotted to steal £229 million from customers’ accounts at a leading bank by hacking into computers, a court was told yesterday.

A security supervisor smuggled two Belgian computer hackers into the London offices of Sumitomo Mitsui Banking Corporation by pretending that they were friends who had arrived for a game of cards. The hackers installed spy software that recorded employees’ names and passwords at the bank’s European headquarters in the heart of the City, Snaresbrook Crown Court was told.

[...]

The scheme was foiled because the hackers failed to fill in one of the fields in the Swift system used to make money transfers.

Read more in Times Online



Worth reading with HPS in mind. (Might be interesting to see more on how the laws have changed in the same period.)

http://www.pogowasright.org/article.php?story=20090121125128260

Lessons of ChoicePoint, 4 Years Later

Wednesday, January 21 2009 @ 12:51 PM EST Contributed by: PrivacyNews

It's been four years since data broker ChoicePoint acknowledged the data security breach that put it in the middle of a media firestorm and pushed data protection to the top of the infosecurity community's priority list.

Since then, the business world has made plenty of progress hardening its data defenses -- thanks in part to industry standards like PCI DSS and data breach disclosure laws (click to see state-by-state map) now in place.

But the latest data breach to grab headlines illustrates how vulnerable organizations remain to devastating network intrusions.

Source - CSO

[From the article:

Innovation has created bigger pipes, massive portable storage, stealth Port 80 file sharing and infinite egress points within any organization, Reavis says. It's just not easy to keep up with the security needs of such a beast.

That may be the case to a large extent, but other security experts see specific areas where organizations are simply asleep at the switch.

"All the improvements have come from SB 1386 and other disclosure laws, and as far as I can tell awareness to data risks hasn't increased significantly," says security industry veteran Richard Stiennon.

[Map of states with disclosure laws:

http://www.csoonline.com/article/221322/CSO_Disclosure_Series_Data_Breach_Notification_Laws_State_By_State



It's not much yet, but this has potential.

http://news.cnet.com/8301-17939_109-10147883-2.html?part=rss&subj=news&tag=2547-1_3-0-5

Washington Post launches database of political who's whos

Posted by Rafe Needleman January 22, 2009 4:00 AM PST

The Washington Post today is launching Who Runs Gov, a site primarily made up of a database of personalities in the United States government. If you're looking for info on your state's senator or representative, or details about a cabinet or high-ranking military official, it looks like the site could be a valuable resource.

Who Runs Gov is a wiki, powered by MindTouch. Registered users can edit the pages, but changes don't go live until the site's staffers approve the edits. Also, subjects of Who Runs Gov profile pages (or their staff) will be able to submit their own profile information for inclusion on pages about them, a fundamental difference from Wikipedia, where you're not supposed to write about yourself.



Is it unethical to tap unencrypted communications that happen to wander by on your frequency? Probably more interesting is: How vulnerable is the Blackberry to a subpoena?

http://it.slashdot.org/article.pl?sid=09%2F01%2F22%2F1319212&from=rss

Obama Keeps His Blackberry (And Gets a Sectera)

Posted by CmdrTaco on Thursday January 22, @08:37AM from the good-cuz-crazy-glue-hurts dept.

InternetVoting writes

"After all the controversy surrounding Obama's Blackberry, word has come that he will get to keep it. Few details are available and neither the National Security Agency nor the White House are talking. The current rumor is that the Blackberry will be used exclusively for personal use and a Sectera Edge will be used for official communications."



I don't use PowerPoint very often, but there must be some useful information in all of this...

http://www.killerstartups.com/User-Gen-Content/slideserve-com-sharing-powerpoint-presentations

SlideServe.com - Sharing PowerPoint Presentations

http://www.slideserve.com

In general terms, SlideServe is a web-based resource that lets you upload any PowerPoint presentation that you have come up with and see what others think about it. This way, you can increase your skills by receiving instant and accurate advice from designers with a higher level of proficiency.

The opening screen spotlights featured presentations and site users, whereas a “Presentation of the Week” section is included for additional reference purposes. The presentations that have received the best ratings and the ones that have been viewed the most are equally highlighted.

Another aspect that merits a mention is that presentations can be shared both on a public and private basis, and if you wish to keep things as widespread as possible the corresponding link can be embedded on social networking sites. Of course, it is always possible to forward the link via e-mail.

By way of conclusion, if the basic premise sounds appealing to you, and you think that your presentation skills still have some way to go, a resource like this can help things improve in a live setting. You can reach it at www.slideserve.com and start sharing on the spot.
