Skip the navigation
News

Banks, credit unions scramble in wake of Heartland breach

Several have begun reporting fraud associated with exposed cards

By Jaikumar Vijayan
January 27, 2009 12:00 PM ET

Computerworld - In the first real indication of the scope of the recently disclosed data breach at Heartland Payment Systems Inc., banks and credit unions from Washington to Maine have begun to reissue thousands of credit and debit cards over the past few days.

Several have also begun disclosing fraud associated with payment cards that were reported to them by Visa and MasterCard as having been exposed in the breach.

A Pennsylvania law firm today filed the first class-action lawsuit related to the breach. Chimicles & Tikellis LLP in Haverford, Pa., filed the lawsuit on behalf of Alicia Cooper, a resident of Woodbury, Minn., and others who might have been affected by the breach.

The complaint, filed in the U.S. District Court for the District of New Jersey in Trenton, alleges that Cooper, whose card was compromised in the breach, and others, were victims of Heartland's negligence in protecting cardholder data. The lawsuit, which calls for a jury trial, charged Heartland with breach of contract, breach of implied contract and breach of fiduciary contract for the breach.

The compromise has pushed the Washington Credit Union League (WCUL) in Federal Way, Wash., to revive legislation that would mandate specific data protection controls on all merchants and third parties, such as Heartland, that process payment card data. The bill (HB 1149) received its first hearing last Thursday in the Washington State House Committee on Financial Institutions and Insurance, according to a statement released by the WCUL.

Heartland, a Princeton, N.J.-based processor of payment card transactions, disclosed last Tuesday that its systems had been broken into by unknown intruders sometime last year. The company claimed that the intrusion -- which some are calling the biggest ever -- was discovered only earlier this month. Visa and MasterCard alerted Heartland of suspicious transaction activity, triggering Heartland to conduct its own forensic investigation, during which the intrusion was discovered.

The company said that intruders planted sophisticated sniffer software in its network and stolen data as cards were being processed.

Heartland has not yet released any information on the number of cards exposed in the intrusion. But the fact that the company processes more than 100 million transactions per month for over 250,000 customers has sparked speculation that the breach might be even bigger than the one disclosed by The TJX Companies Inc. in which more than 45 million payment cards were compromised.

Since its disclosure, a growing number of financial institutions across the country have begun notifying their customers of their cards being potentially compromised as a result of the breach. In most cases, the compromises result in the cards being blocked and recalled by the financial institutions. A small sample of those making such announcements included the following:



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Cybercrime and Hacking White Papers
Streamline Compliance and Increase ROI
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
Protecting Point of Sale Systems from Targeted Attack
If you are responsible for protecting retail systems, download this case study to learn how this retailer eliminated the threat of malware on...
From the Frontline - Preventing APT
Is your company's network secure? Are your endpoints and servers secured? Before you answer, read this case study on a US Military Command...
Stop Hackers Before They Attack
Hacktivism, Identify Theft, Financial Gain, Cyber War - regardless of motivation, stopping today's hackers requires a new proactive approach to protecting endpoints. Learn...
The four rules of complete web protection
As an IT manager you've always known the web is a dangerous place. But with infections growing and the demands on your time...
All Cybercrime and Hacking White Papers
Cybercrime and Hacking Webcasts
WikiLeaks: How am I Affected?
The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
Optimizing Networks for the Cloud
Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
All Cybercrime and Hacking Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs