Is Heartland/WorldPay Suspect in Custody?
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
Authorities investigating the RBS WorldPay breach, as well as the breach at Heartland Payment Systems, have used similar language to describe an international conspiracy that is targeting multiple financial institutions. Based on these similarities, it seems highly likely that Tenenbaum and his cohorts may indeed be the culprits behind a rash of major information security breaches that have the Payment Card Industry pointing fingers and attempting to dodge responsibility for security compliance.
ISR News: 2009 - Year of the Insider Threat
Excerpt From BankInfoSecurity.com
The increased number of employers handing out pink slips doesn’t help quell the threat, with a record number of people on the unemployment lines and others at work worried about their own positions. “We’re going to see some insider events where insiders are tempted enough by money to enable these compromises to take place from outsiders, allowing access to payment data and account information,” says Mike Urban, Senior Director of Fraud Solutions at Fair Isaac, predicts,
Cyber Insecurity is Destroying Innovation
From The Cyber Security Institute
Insecurity is the greatest impediment to innovation. And this hurts America most of all. The United States simply cannot win in an economic race based almost exclusively on lower costs of production. We cannot compete on that footing against other nations where wages and benefits are vastly lower, standards of living for the majority of the people are abysmal, and health care is the ultimate luxury good of the elites. Other nations are uniquely able to re-engineer and make at a lower cost the things that Americans and others around the world need. If we run that race to the bottom we lose-win, lose or draw.
There is No Delight in Being Right
By Laura Wilson, Information-Security-Resources.com Corporate Liability Editor
We take no delight in having been right on these issues, because the filing of this kind of suit confirms that a significant breach has occurred, and many people have been harmed. We prefer that security gaps be identified and addressed before there is a crash. My prediction is that other companies will be involved. This does not let Heartland off the hook for whatever lapses they may have made, but my bet is that there are other weak links in the data access chain that connects to Heartland; that is, there may be joint causes and multiple weak links involved in this breach.
Heartland Suit Alleges “Inadequate” Security
Source: Law Offices of Howard G. Smith
The investigation focuses on allegations that statements made by the Company during that period were false and misleading and failed to disclose or indicate, among other things, that: (1) the Company’s safety and security measures designed to protect consumers’ financial records and data from security breaches were inadequate and ineffective; (2) the Company faced liabilities associated with a breach of the Company’s payment processing network and increasing costs associated with implementing appropriate security measures; and (3) as a result of a breach in the Company’s payment processing network, the Company was at risk of losing customers.
Heartland CEO Now Under SEC Investigation
By Anthony M. Freed, Information-Security-Resources.com Financial Editor
“The investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland’s stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.”
ISR News: Heartland Braces For A Fight
Excerpts From SearchFinancialSecurity.com
“We intend to vigorously defend any such claims and we believe we have meritorious defenses to those claims that have been asserted to date,” Carr said. “At this time we do not have information that would enable us to reasonably estimate the amount of losses we might incur in connection with such claims.”
Undisclosed Breach Threatens Consumers
Story By DataLossDB.org
What we still don’t know is what processor has been breached. According to the aforementioned article, and as has been confirmed by our sources, VISA and Mastercard are refusing to disclose which acquirer processor had the breach, as the organization hasn’t released a public statement on it yet themselves.
More Than 500 Banks Hurt By Breach
Heartland Payment Systems Breach Updates:
If your institution has been affected in the Heartland breach and you are not on this list, please send an email to editor@bankinfosecurity.com. Include your name, email, and a phone number where you may be contacted for verification. Following is the latest up-to-date list of institutions impacted by the Heartland breach and - where available - the total number of cards compromised:
McAfee Report: Our Unsecured Economies
By Laura Wilson
In 2000, I began serious work on protecting intellectual property, sensitive systems, and consumer information for technology and information companies. Starting in 2006, I focused on protecting this stuff within the financial industry. Based on my work with several of the largest financial companies in the world, and with a multitude of their vendors and outsourcers, the threat in the arenas of finance, corporate assets, litigation, and actual physical security cannot be overstated.
