The largest victims appear to be regional banks and credit unions

The numbers are beginning to tally up on last month’s security breach at credit-card processor Heartland Payment Systems, where information on as many as 100M accounts was stolen through software installed on the inside: according to an informal survey conducted by the Independent Community Bankers of America (ICBA) association, at least 157 various banks and credit unions have been warned about the safety of their customers’ accounts – constituting more than 80 percent of the 512 responses it says it received.

Bank Info Security published a growing list of affected banksWired’s Threat Level reported 135 banks as of Tuesday night, and at the time of this writing that number has since grown to 157, with more expected. BankInfoSec’s list consists mainly of regional banks and credit unions – the kinds of firms that Heartland specializes in – along with a handful of larger titans like Bank of America and Chase. Wired compiled a list of the top seven banks on this list, where the number of compromised accounts stretches as high as 75,000:

  • Trustmark Bank, Jackson, MS (75,000)
  • State Employee's Credit Union (SECU), Raleigh, NC (56,000)
  • GECU, El Paso, TX (25,000)
  • Bangor Savings Bank, Bangor, ME (18,000)
  • Wright-Patt Credit Union, Dayton, OH (17,200)
  • Canadian Tire Financial Services, Niagara, Ontario, Canada (15,000)
  • Capitol Federal, Topeka, KS (14,000)

Many of the details about the breach are still unfolding, but what is currently known is this: sometime in 2008 – Heartland speculates as early as May – unknown intruders managed to install data sniffers on Heartland’s internal network, which eavesdropped on unencrypted credit card numbers and expiration dates as they passed through its systems. Heartland was not aware of this until October, when Mastercard and Visa approached the company with reports of suspicious activity.

The actual breach was not rooted out until December, and its announcement withheld until January 20, 2009 – timed presumably to coincide with President Barack Obama’s inauguration ceremony. Early estimates pin the number of affected accounts at 100M – or nearly one affected credit card for every three U.S. citizens.

"I f***ing cannot play Halo 2 multiplayer. I cannot do it." -- Bungie Technical Lead Chris Butcher
Related Articles

Most Popular Articles

Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki