NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Attrition Dataloss> 2009-01

[Dataloss] Heartland Payment Systems Uncovers Malicious Software In Its Processing System

From: David Shettler (daveopensecurityfoundation.org)
Date: Tue Jan 20 2009 - 09:09:30 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Note: While we don't know for certain yet, this may be the breach
causing the raucous at banks recently, and the organization we wrote
about here:

http://datalossdb.org/incident_highlights/12-but-who-is-it-really

----

http://www1.snl.com/irweblinkx/file.aspx?IID=4094417&FID=7231254

PRINCETON, N.J., Jan. 20 /PRNewswire-FirstCall/ -- Payments processor
Heartland Payment Systems has learned it was the victim of a security
breach within its processing system in 2008. Heartland believes the
intrusion is contained.

"We found evidence of an intrusion last week and immediately notified
federal law enforcement officials as well as the card brands," said
Robert H.B. Baldwin, Jr., Heartland's president and chief financial
officer. "We understand that this incident may be the result of a
widespread global cyber fraud operation, and we are cooperating
closely with the United States Secret Service and Department of
Justice."

[..]

After being alerted by Visa(R) and MasterCard(R) of suspicious
activity surrounding processed card transactions, Heartland enlisted
the help of several forensic auditors to conduct a thorough
investigation into the matter. Last week, the investigation uncovered
malicious software that compromised data that crossed Heartland's
network.

[..]

Heartland has created a website - www.2008breach.com - to provide
information about this incident and advises cardholders to examine
their monthly statements closely and report any suspicious activity to
their card issuers. Cardholders are not responsible for unauthorized
fraudulent charges made by third parties.

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]