backtop

Print E-mail del.icio.us 9 comment(s) - last by wallijonn.. on Feb 17 at 5:20 PM
The largest victims appear to be regional banks and credit unions

The numbers are beginning to tally up on last month’s security breach at credit-card processor Heartland Payment Systems, where information on as many as 100M accounts was stolen through software installed on the inside: according to an informal survey conducted by the Independent Community Bankers of America (ICBA) association, at least 157 various banks and credit unions have been warned about the safety of their customers’ accounts – constituting more than 80 percent of the 512 responses it says it received.

Bank Info Security published a growing list of affected banksWired’s Threat Level reported 135 banks as of Tuesday night, and at the time of this writing that number has since grown to 157, with more expected. BankInfoSec’s list consists mainly of regional banks and credit unions – the kinds of firms that Heartland specializes in – along with a handful of larger titans like Bank of America and Chase. Wired compiled a list of the top seven banks on this list, where the number of compromised accounts stretches as high as 75,000:

  • Trustmark Bank, Jackson, MS (75,000)
  • State Employee's Credit Union (SECU), Raleigh, NC (56,000)
  • GECU, El Paso, TX (25,000)
  • Bangor Savings Bank, Bangor, ME (18,000)
  • Wright-Patt Credit Union, Dayton, OH (17,200)
  • Canadian Tire Financial Services, Niagara, Ontario, Canada (15,000)
  • Capitol Federal, Topeka, KS (14,000)

Many of the details about the breach are still unfolding, but what is currently known is this: sometime in 2008 – Heartland speculates as early as May – unknown intruders managed to install data sniffers on Heartland’s internal network, which eavesdropped on unencrypted credit card numbers and expiration dates as they passed through its systems. Heartland was not aware of this until October, when Mastercard and Visa approached the company with reports of suspicious activity.

The actual breach was not rooted out until December, and its announcement withheld until January 20, 2009 – timed presumably to coincide with President Barack Obama’s inauguration ceremony. Early estimates pin the number of affected accounts at 100M – or nearly one affected credit card for every three U.S. citizens.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
I demand my phone call!
By chmilz on 2/11/2009 6:29:38 PM , Rating: 5
My girlfriend and I joined my brother and his wife for a nice dinner, and when it came time to pay, I was embarrassed when my credit card was declined. After using alternative payment, I contacted my bank and was informed that my card was canceled early last week due to this.

A quick phone call would have been nice, and saved me from the embarrassment.




RE: I demand my phone call!
By HostileEffect on 2/11/2009 6:38:01 PM , Rating: 2
Reminds me of that one commercial....


RE: I demand my phone call!
By jay401 on 2/12/2009 12:21:41 PM , Rating: 2
The one that came to mind was the one for the pill to resolve embarrassing public flatulence where the person with the problem is at dinner with some relatives or business clients, and they can't stop their audible gas moments until they take gas-x/bean-o/whatever.


RE: I demand my phone call!
By grenableu on 2/13/2009 9:59:36 AM , Rating: 2
Bank did the same thing to me once (cancelled card without my knowledge, due to some suspicious charge). Bad thing was that I was at the car dealership trying to pay for my repair at the time, and when I called the bank to clear things up, they said "sorry, but our systems are down right now. Please call back tomorrow".

I've never been so mad in my life.


RE: I demand my phone call!
By Spivonious on 2/13/2009 10:02:20 AM , Rating: 3
I just got a letter from my bank saying that I was affected and that they would be sending me a new card next week. My current one still works though, as I bought groceries with it last night.


Latest count
By Screwballl on 2/14/2009 9:29:05 AM , Rating: 2
As of 8:30AM CST the number is up to 229

I checked and my bank is not affected.




RE: Latest count
By murphyslabrat on 2/15/2009 4:08:45 PM , Rating: 2
Same here. Thank goodness for tiny credit-unions.


Is this the only one or the only one caught?
By withchza on 2/16/2009 6:30:19 PM , Rating: 2
I always wondered about the internal security at banks, especially the larger ones. If someone on the inside is doing this, how good is the security? I wonder if this is just the one they caught and maybe the good ones are still happening. Maybe that's what's behind all of those identity thefts. Maybe the banks just don't want anyone knowing about it. Please someone tell me that they catch these things before they cause much trouble. Between this and the other problems the Bank of Mattress is looking real good right now....




By wallijonn on 2/17/2009 5:20:22 PM , Rating: 2
quote:
Maybe that's what's behind all of those identity thefts.


Worry about the insiders in the US Post Office.

I once refused acceptance of an empty package (which was supposed to contain my 5 free BD movies.) Their excuse was that they couldn't tell where it was stolen from (even though it was obvious that they were stolen from within the system), so there was nothing they could do. Now imagine some mail clerk selling your bills to someone on the outside.


"There's no chance that the iPhone is going to get any significant market share. No chance." -- Microsoft CEO Steve Ballmer

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments











botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki