Sunday, January 25, 2009

Think of it as interviewing a witness third hand (by having a reporter “interpret” what the witness actually said.) By now, there are likely hundreds of news stories out there. How do we determine the facts?

http://www.databreaches.net/?p=948

Roundup of local Heartland breach stories

Posted January 24th, 2009 by admin

It seems that now all of the local media have picked up the story and are reporting on local banks and credit unions. Given the extent of the breach, listing each story as a separate post is unwarranted, but here’s a roundup of stories over the past few days:

“Another area credit union impacted by Heartland’s security failure” reports on Beacon Credit Union and Notre Dame Federal Credit Union responses to the breach.

“Comm. First Nat’l Bank reports fraud” reports fraudulent use of a Community First National Bank of Mountain Home customer’s information due to the breach.

“Credit card recall could affect thousands of Whatcom County residents” reports on Industrial Credit Union of Whatcom County’s response to the breach.

“Credit card breach spreads to state banks” reports on the response by some New England banks: TD BankNorth, Kennebunk Savings Bank, Citizens Bank, Ocean National Bank, Laconia Savings Bank, and Bank of America, as well as New Hampshire Lodging and Restaurant Association in Concord.

“Banks on alert after theft of account numbers” reports on Great Southern Bank, Empire Bank, and CU Community Credit Union. CU Community Credit Union discovered nearly $11,000 in fraudulent charges had been put on 16 credit cards over one weekend in early November.

“Bank will issue new cards; MasterCards compromised” reports on North Country Savings Bank’s response.

“Wright-Patt Credit Union reissuing cards after data breach” reports on Wright-Patt Credit Union, who was notified by Heartland of the names of affected cardholders on Thursday.

“Utahns at risk after card data breach” reports on the response by Bank of Utah, Chase Bank, and Wells Fargo.

Facts and speculation from the articles (in no particular order):

Some downplayed the potential impact of the data breach in Utah, saying most of the merchants processed by Heartland are in the east coast. Industrywide, only a small percentage of compromised cards, or three percent on average, are fraudulently used.

… Jason Maloni, spokesman for Heartland... "The criminals used very sophisticated software that managed to break through 37 layers of firewalls designed to thwart this kind of attack," he said.

… processes five billion transactions a year for 250,000 businesses nationwide.

… The company processes payments for 250,000 merchants nationwide, handling more than 4 billion transactions annually.

… some 200,000 merchants.

… for 175,000 merchants

… Robert Baldwin, Heartland's president and chief financial officer, said the thieves accessed a part of Heartland's network that handles transactions for 175,000 of the 250,000 merchants the company works with.

… According to Carpenter, Heartland contacted the credit union Thursday with the names of affected cardholders. [Is this a first? Bob]

… "We have received a list of card numbers from MasterCard [or is this what happened? Bob]

… "Bank of Utah has 245 customers whose PINs were compromised, and we expect to have more,"

… The information breached included card numbers... but not...PIN numbers

… CU Community Credit Union in Springfield was not so lucky.

It discovered nearly $11,000 in fraudulent charges had been put on 16 credit cards over one weekend in early November, said Jenny Reynolds, vice president of marketing.

… Heartland officials are trying to determine the full extent of the breach, which occurred over a period of "several weeks" late last year.

… The malicious software is believed to have been loaded in March 2008. [And removed in January? More than several weeks... Bob]

… Bahn said Heartland Payment Systems disclosed last week that intruders hacked into its computers between May 15, 2008, and Nov. 13, 2008,

… Baldwin said Heartland uses heavy encryption, which means its data is cloaked in special computer coding so unauthorized computers can't read it, but added that the data has to be sent in unencrypted form to the card brands, which is where the criminals were able to spot it.



As they say, not all breach reports can be connected to the HPS breach (but they are likely to be blamed anyway)

http://www.databreaches.net/?p=954

CA: Credit card fraud hits Glenn County departments

Posted January 24th, 2009 by admin

One of the many problems with large incidents like the Heartland Payment Systems breach is that you wonder whether every bank or CU breach being reported is linked….

Barbara Arrigoni reports:

A bank under contract with Glenn County has alerted officials of allegedly fraudulent charges to county credit cards.

As of late Friday, the Finance Department listed 14 cards affected for a total of $44,073.

All county credit cards have been canceled and will be reissued with new numbers. Account clerk supervisor Susan Storz said it will take at least a week for new cards to be issued.

The amounts varied. Sheriff’s Lt. Phil Revolinsky said the bank caught one for $3,917 but declined it because it was over the daily limit. The same allegedly fraudulent user tried again at $1,975 and was again declined.

Revolinsky was told the charges were probably made online and appear to have been from other states. Some of the charges were from businesses in Wisconsin, Nevada and Alabama, he said.

Read more on ChicoER.com



If you had the largest network in the world, what would you do with it?

http://tech.slashdot.org/article.pl?sid=09%2F01%2F24%2F225235&from=rss

Downadup Worm — When Will the Next Shoe Drop?

Posted by timothy on Saturday January 24, @05:56PM from the it-looks-like-you're-using-windows dept. Security Windows IT

alphadogg writes

"The Downadup worm — also called Conficker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."



Nothing displays/confirms your ignorance better than trying to control a technology you don't understand. (More “The Internet is a bunch of pipes” thinking.)

http://yro.slashdot.org/article.pl?sid=09%2F01%2F25%2F0550205&from=rss

National Censorship Plan Offensive, Says Aussie Shadow Minister

Posted by timothy on Sunday January 25, @01:29AM from the shadow-minister-is-such-a-cool-title dept. Censorship Government The Internet

downundarob writes

"Senator Nick Minchin, the Australian Shadow Minister for broadband, communications and the digital economy, has written (or more likely a staffer has written) this interesting article on the Australian Federal Government's continued zeal to enforce ISP-level filtering in Australia. In the article he posits that 'Underlying the Rudd Government's plan to screen the internet is an offensive message: that parents cannot be trusted to mind their children online.' Meanwhile, we wait for filtering trials to start, trials that have been delayed and which have next-to-no support among the industry. Telstra BigPond — Australia's largest ISP — has refused to take part, comparing internet filtering to 'like trying to boil the ocean.' The third largest, iiNet, is prepared to participate to highlight flaws."



“Oh, what a wicked web we weave when first we practice our customers to deceive.” One wonders if all the monitoring, volume shaping, and other excesses are costing more than they are worth.

http://tech.slashdot.org/article.pl?sid=09%2F01%2F24%2F1549202&from=rss

Comcast's Congestion Catch-22

Posted by Soulskill on Saturday January 24, @11:15AM from the solution-looking-for-a-problem dept.

An anonymous reader sends us to Telephony Online for a story about Comcast's second attempt at traffic management (free registration may be required). After the heavy criticism they received from customers and the FCC about their first system, they've adopted a more even-handed "protocol agnostic" approach. Nevertheless, they're once again under scrutiny from the FCC, this time for the way their system interacts with VOIP traffic. By ignoring specific protocols, the occasional bandwidth limits on high-usage customers interferes with those customers' VOIP, yet Comcast's own Digital Voice is unaffected. Quoting:

"The shocking thing is just how big a Pandora's box the FCC has appeared to open — and it just keeps getting bigger. When the FCC first started addressing bandwidth usage and DPI issues, it quickly found itself up to its knees in network management minutia. Not long after that, it followed another logical path of the DPI question and asked service providers and Web companies about their use of DPI for behavioral targeting. Now it seemingly has opened up huge questions about what it means to be a voice carrier in the age of IP. It's not hard to imagine the next step: What about video? Telco IPTV services are delivered in roughly the same way as carrier VoIP services — via packets running on the same physical network but a prioritized logical signaling stream. Is that fair to over-the-top video service providers?"



Keep this to yourself. Giving stuff away for free can be profitable in the right business model! Why is it so few businesses know or understand this simple message?

http://entertainment.slashdot.org/article.pl?sid=09%2F01%2F25%2F0041202&from=rss

After Monty Python Goes YouTube, Big Jump In DVD Sales

Posted by timothy on Saturday January 24, @10:20PM from the causation-may-have-something-to-do-with-correlation dept. It's funny. Laugh. Media Entertainment

An anonymous reader writes

"Apparently it with [I'd point out that no one reads what they write, but I recently killed off a Dean because I failed to catch an error, so I won't point this one out. Bob] the release of all of Monty Python's material on YouTube, their sales have blown through the roof on Amazon.com. It is too bad there isn't any proper news article about this, but I think it bodes well for those who champion free content. More importantly, it forces the MPAA's feet into their mouths."

Not every performer (or group of performers) has the decades-strong appeal of Monty Python, but this is a great thing to see. The linked article claims that the sales increase in the Python DVDs is 23,000 percent; there are probably some other ways to figure the numbers, but a big increase is easy to see.



Let's build a life sized model!

http://science.slashdot.org/article.pl?sid=09%2F01%2F24%2F1450205&from=rss

NASA Releases Video Tour of the ISS

Posted by Soulskill on Saturday January 24, @10:19AM from the eye-in-the-sky dept. Space Science

Malvineous writes

"Expedition 18 Commander Mike Fincke has recently filmed a high-definition 35-minute video tour aboard the International Space Station. For those who missed the HD broadcast on NASA TV, the video is available on YouTube. Due to YouTube length limits, the tour is split into four separate videos. Here are Part 2, Part 3, and Part 4."



Oh, the horror!

http://news.slashdot.org/article.pl?sid=09%2F01%2F25%2F0313220&from=rss

What, Me Worry? MAD Magazine Going Quarterly

Posted by timothy on Sunday January 25, @04:40AM from the needs-more-website dept. The Media It's funny. Laugh.

theodp writes

"MAD Magazine is about to put out its 500th issue, but starting with its April publication, the mag is cutting down to only four issues per year. 'The feedback we've gotten from readers,' quipped Editor John Ficarra, 'is that only every third issue of MAD is funny, so we've decided to just publish those.' MAD Kids and MAD Classics are ceasing publication entirely. Keep up the what-me-worry game face, Alfred!"
