Network News

X My Profile
View More Activity

Quick Poll: Many Smaller Banks Hit By Heartland Breach

In another sign that the recently disclosed data breach at credit card processing giant Heartland Payment Systems may indeed be one for the record books, a quick survey of community banks indicates that a majority of institutions have been notified that at least some of their debit or credit cards were compromised in the breach.

Princeton, N.J., based Heartland has not disclosed how many credit and debit card accounts may have been intercepted by malicious software the company recently found on its payment processing network. Heartland's president and chief financial officer Robert Baldwin told Security Fix last month that the company processes about 100 million card transactions each month.

The Independent Community Bankers of America, a trade group that includes some 5,000 banks representing 18,000 locations nationwide, took an informal poll of its members recently to find out how many were contacted by Heartland. According to the ICBA, 83 percent of the 512 member banks that responded said they had credit and/or debit cards affected by the Heartland breach. Thirteen percent said they didn't know yet.

The ICBA survey is unscientific and extremely simple. Even so, it may offer the broadest look yet at the extent of this breach. So far, most of the information we have about the size of the breach has come from the Open Security Foundation. OSF maintains datalossdb.org, which has collected a list of news stories about specific banks that have acknowledged receiving notice from Heartland about compromised accounts. According to OSF, as of this writing, 79 banks have reported being affected by the Heartland breach, with a known total of 276,066 cards affected.

By Brian Krebs  |  February 6, 2009; 9:51 AM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Data Breach Led to Multi-Million Dollar ATM Heists
Next: Consider the Source, Not Just the File Type

Comments

Hey Brian, Off topic here, but the world needs a story from you on "Phexting"
Here: http://TwitPWR.com/3Nb/

Posted by: Identity-Theft-Expert | February 6, 2009 10:31 AM | Report abuse

@Identity-Theft-Expert
Brian has written on spim, which is the same thing. As has Pegoraro.

I don't get spim, because I set my account to reject texts sent from e-mail rather than from phones.

Posted by: wiredog | February 6, 2009 10:36 AM | Report abuse

[Grrr. For some reason, the commenting facility doesn't work right with Seamonkey(Firefox)... only IE... you should complain]

Anyway, I just wanted to note that Western Federal Credit Union did inform folks about Heartland: See http://www.western.org/news/heartland0901.htm

Posted by: cahwyguy | February 6, 2009 11:34 AM | Report abuse

Hmmm, I got a cryptic letter from one of my credit card companies about a breach at a "third party." The letter was amazingly short on details, but did say they'd be issuing me a new card with a new account number. Aside from that, it mostly said "keep an eye on your statements and your credit reports for the next two years".

Posted by: larrymac | February 6, 2009 12:37 PM | Report abuse

@cahwyguy

To leave a comment fr/ Firefox browser, if you're logged in, click the tiny little "please sign in" link @ the bottom of the column. Evidently the Washpost's software can't detect that we've signed in via Mozilla programs. The same procedure, via a larger but same location link, works @ Rob Pegararo's blog.

Clicking the link takes the user directly to the "Comments" box. Like this one (-;

Posted by: featheredge9 | February 6, 2009 2:03 PM | Report abuse

cahwyguy wrote:

[Grrr. For some reason, the commenting facility doesn't work right with Seamonkey(Firefox)... only IE... you should complain]
---------------------------------------------
No problem with either Firefox or SeaMonkey on the commenting facility here, but the WaPo generally has had some periodic issues with other stories/articles over the last week.

Posted by: brucerealtor@gmail.com | February 7, 2009 3:47 AM | Report abuse

The registration procedure seems unnecessarily intrusive. Under/over 18 is all anyone needs to know about my age.

Posted by: AlphaCentauri | February 8, 2009 2:14 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company