100 million credit and debit accounts leaked

Published Thursday, 22 January 2009 1:11AM CST in Technology

Corporate good news comes on Monday. Always Monday. Corporate bad news comes on Friday. Always late Friday—just as everyone’s packing it in for the weekend. Unless it’s really bad news. Then it comes on inauguration day.

The really bad news from Heartland Payment Systems is that it has potentially leaked 100 million credit and debit accounts. If it turns out to be the full 100 million, it will be the worst data breach on record. Ars Technica speculates the breach is related to the “sudden surge of microtransaction fees reported in early December.”

The story was broken by Brian Krebs at the Washington Post. To date, Heartland has refused to disclose when it discovered the breach, but acknowledges it did report it to the US Secret Service. The source of the breach wasn’t disclosed until last week: one of the Heartland systems had been infected with malware designed to report the information stored on the magnetic stripe on the back of credit and debit cards (name, account number, and expiration date).

Heartland processes payments for more than 250,000 merchants and began receiving reports of fraudulent activity from Visa and MasterCard late in 2008.

While Heartland maintains that no personally identifiable information was leaked, it’s unknown whether card verification number (CVN) codes were disclosed. Most likely, the magnetic stripe information will simply be transferred to blank cards and used at merchant locations across the globe that lack surveillance cameras. Worse, Heartland either doesn’t know or won’t disclose how many and which transactions were processed by the infected system. The company won’t even disclose which merchants were involved. Worst of all, Heartland hasn’t disclosed any information about how it plans to track this data in the future or prevent breaches like this from occurring again.

And Heartland’s timing of its limited disclosures with Obama’s inauguration? Heartland chief executive Robert Baldwin told Wired’s Kim Zetter, “Really, today was the first possible day that we could get this information out. Transparency is absolutely critical. It’s a core value of this company…. We’re not kidding ourselves that if it doesn’t get reported today it’s going to go away. To purposefully hold off the information [for another day] was just going to be wrong.” Righto.

Image credit: zingersb.
