. This is till unfolding, and could be unrelated to this, but it is increasingly looking like Heartland Payment Systems is the source. If anyone has evidence of any kind linking the Heartland breach
to the these banks, drop us an email.
A recent article
suggests that a major retailer has had a significant breach, affecting thousands of card holders. The breach apparently involves a merchant of First Data Corporation
, the organization that runs the STAR debit/ATM network. It may also be affecting customers of banks around the country.
The question is, who is this major retailer? We're hearing rumblings that this is a significant breach. Unfortunately, those covering it thus far haven't quite dug up that information.
This isn't the first time we've heard of a retailer having a problem, only to never find out the retailer's name, but this one seems more significant than those before. We heard similar rumblings before the Hannaford incident
Update: This article
may be related?
What would a card processor gain by protecting the identity of an offending merchant? Several theories have been put forth. In a bad economy, it could be their desire not to negatively affect an already beaten down consumer confidence. Or perhaps it could be to protect the retailer, again given the economy. Or perhaps there is more to it, perhaps the retailer in question were PCI compliant, and disclosure of the retailer would bring about additional criticism for PCI's Data Security Standard.
And what of breach notification laws? Does forcing the banks (who know little to no details) to send out notifications, in place of the offending merchant, comply with the laws? Or does it circumvent the spirit of them? Are data breach notification laws in existence just to notify consumers of fraud, or are they also meant to help consumers make safer choices with who they do business with?
Hopefully someone will shed a little light on this situation in the near future.
Update: This is looking like it isn't a breach at a retailer, but a breach at a