Web site: More than 150 banks affected by Heartland data breach thus far
List compiled by BankInfoSecurity.com includes banks in 40 states, Canada, Bermuda and Guam
Computerworld - The number of financial institutions that have said they were affected by the data breach disclosed last month by Heartland Payment Systems Inc. is growing longer by the day and now includes banks in 40 states as well as Canada, Bermuda and Guam, according to the BankInfoSecurity.com news portal.
The Web site today published a list containing the names of 157 institutions that it said have publicly disclosed to customers that they were victimized as a result of the breach at Heartland, a large payment processor in Princeton, N.J. The list includes two banks in Bermuda, plus one each in Canada and Guam.
A Heartland spokesman said today that while he had seen the report on BankInfoSecurity.com, he was unable to verify whether the numbers cited by the Web site were correct.
Meanwhile, in another indication of the fallout from the breach, 83% of the 512 banks that responded to an informal "quick poll" survey conducted in late January by the Independent Community Bankers of America (ICBA) trade group said that credit or debit cards they had issued were compromised in the incident at Heartland. Another 12% said they didn't know yet if they had been affected, while just 4% said they hadn't been, according to the ICBA, which has more than 5,000 member banks from around the U.S.
For the most part, the banks on the list compiled by BankInfoSecurity.com appear to be mostly smaller institutions — although there are a handful of larger ones, such as Sovereign Bank.
Only about 50 of the banks on the list appear to have publicly disclosed the number of their credit and debit cards that were affected by the Heartland breach. A rough tally of the total number of compromised cards announced by those institutions amounted to more than 300,000 cards, with the individual counts ranging from 16 in the case of Valley Bank & Trust Co. in Gering, Neb., to about 75,000 at Trustmark National Bank in Jackson, Miss.
The overall scope of the Heartland breach still remains largely a matter of conjecture. But it is potentially massive: Heartland processes payment card transactions for about 250,000 merchants and handles an average of more than 100 million transactions per month.
The company disclosed Jan. 20 that intruders had broken into its systems sometime last year and planted malware that they used to steal card data. Heartland itself hasn't publicly confirmed any further details about the breach, or specified when the intrusion happened. But some affected financial institutions have said that it occurred in May 2008 and wasn't discovered until earlier this year.
The apparent fact that the intrusion remained undetected for so long, and the number of transactions that Heartland processes, have led some analysts to surmise that the breach might well surpass the one disclosed by The TJX Companies Inc. in January 2007 as the largest thus far involving payment card data.
The Heartland breach already has led to a class-action lawsuit being filed against the company by law firm Chimicles & Tikellis LLP in Haverford, Pa., on behalf of a resident of Woodbury, Minn., and others who might have been affected by the data compromise.
In addition, the Washington Credit Union League in Federal Way, Wash., is pushing state legislators there to revive legislation that would mandate specific data protection controls on all merchants and third parties that process payment card data. The bill received its first hearing before a committee in the Washington House of Representatives soon after the breach disclosure, according to a statement released by the WCUL.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Cybercrime and Hacking White Papers | Webcasts