Just weeks after Heartland breach, another payment processor said to be hit
Visa, MasterCard notify banks of breach at unidentified company; third incident involving payment processors since December
Just weeks after Heartland Payment Systems Inc. disclosed what may be one of the largest breaches of payment card data thus far, news is emerging of what could be another major breach involving a payment processing company.
The identity of the payment processor is still unclear, as is the number of credit and debit cards that were compromised in the breach. What is known is that attackers broke into systems at a U.S.-based company and that the breach exposed the account numbers and expiration dates of payment cards used in so-called card-not-present transactions between last February and this January.
The breach is the third affecting a payment processor to come to light since late last year, following the one that Heartland acknowledged last month and another that RBS WorldPay Inc. disclosed in December. The latest incident underscores concerns within the financial industry that attackers are increasingly targeting payment processors, which typically handle far more card data than individual retailers do.
Both Visa Inc. and MasterCard International Inc. have begun quietly notifying banks and credit unions of the new breach and providing them with lists of the affected card numbers. As with the breach at Heartland, no unencrypted PINs, card verification codes or customer Social Security numbers were exposed, according to the notifications. They also indicated that the latest incident didn't involve the compromise of data from the magnetic stripes on the back of cards, whereas Heartland said that some magnetic-stripe data may have been taken in the breach there.
In a statement sent via e-mail, Visa said it's aware that a processing firm has "experienced a compromise of payment card account information from its systems." But Visa didn't identify the affected payment processor in its statement, which said that card holders are protected financially from illegitimate purchases through the company's zero-liability fraud-protection policy.
MasterCard confirmed in a statement that it also has begun alerting card issuers about what it described as a "potential" breach. "In response to a potential security breach affecting an acquiring processor in the United States, MasterCard is monitoring developments and has notified issuers of cards that were determined to be improperly accessed by an unauthorized party," the company said. MasterCard added that it was providing the notices so that banks and credit unions could monitor for suspicious account activity and take steps to protect their card holders.
The breach was first reported by the Office of Inadequate Security blog site on Saturday. Since then, the blog has posted alerts from various organizations reporting that they were informed of the breach by Visa and MasterCard. Among them are the Tuscaloosa VA Federal Credit Union in Alabama, the Pennsylvania Credit Union Association, the Community Bankers Association of Illinois and the New York State Consumer Protection Board.
In addition, Computerworld found a similar advisory posted on the Web site of the Alabama Credit Union in Tuscaloosa that discusses the latest breach and its impact on that institution's customers.