New Processor Breach?

2009-02-13 by d2d Question_mark

Banks around the country are reportedly receiving warnings, and perhaps even new lists of cards to replace. This is apparently regarding another credit card processor, unrelated to Heartland Payment Systems, having a significant breach.

OSF has received multiple tips from multiple sources, all sounding nearly identical.

From what we've heard, this second breach is significant in scale, but we have not as of yet been told who the processor is.

Also has released an article about three people being arrested for allegedly using credit cards from the Heartland Breach. And also, their list grows of institutions affected by the Heartland incident (they maintain a much more comprehensive list than we did). Hats off!

We'll post more details as we become aware of them.


by Anonymous on 2009-02-15 (about 5 years ago)

Here is some more information on the Heartland breach timeline and the concurrent stocksales by CEO Robert O. Carr:

It links this "New Processor Breach" posting near the intro. Interesting read.

by Anonymous on 2009-02-16 (about 5 years ago)

There is no such thing.........

Its just a rumer..............

by Anonymous on 2009-02-16 (about 5 years ago)

Any new updates regarding who the Processor may be..?

by d2d [Data Loss Maven] on 2009-02-16 (about 5 years ago)

Nope, no word. Consistent reports however, stating a processor unrelated to Heartland.

by Anonymous on 2009-02-18 (about 5 years ago)

Is the breach bigger than heartland in volume or a bigger processor? Since heartland is number 6, who are the final 5?

Any more info on this?

by d2d [Data Loss Maven] on 2009-02-18 (about 5 years ago)

Per Reuters:

The Company competes with First Data Corporation, Bank of America Corporation, Global Payments Inc., Fifth Third Bank, Chase Paymentech Solutions and NOVA Information Systems, Inc., a subsidiary of U.S. Bancorp.

See also:

by Anonymous on 2009-02-18 (about 5 years ago)

Is there any more information on what other processor was breached?

by d2d [Data Loss Maven] on 2009-02-18 (about 5 years ago)

The minute we know, we'll post something. No additional information at this time.

by Anonymous on 2009-02-18 (about 5 years ago)

The consistent part of the rumors that I've heard puts Bank Of America (BOA) in the middle of it. Whether it truly is BOA or some entity working through BOA remains to be seen. However, the size of the breach varies significantly from rumor to rumor, so who knows how large it may truly be.

by Anonymous on 2009-02-24 (about 5 years ago)

Found this Visa announcement from 2-11 describing an undisclosed breach that is not Heartland:

Has anyone heard anything on RBS WorldPay finding a second breach in their CC processing while investigating the pre-paid breach that was already announced?

Are they trying to avoid the double whammy while they announce the big sell-off of assets and a return to retail banking this week?

Hmmm... Difficult to see the future is.

by Anonymous on 2009-02-26 (about 5 years ago)

"Heartland Payment Systems Now Under SEC Investigation"

“The investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland’s stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.”

by Anonymous on 2009-02-26 (about 5 years ago)

New theory on the "undisclosed" breach: It is Everybody - in the sense that multiple processors are known to be targets per the current investigation - maybe they all got breached.

Maybe all the rumors are true. This would be a PCI bloodbath if it proves to be the case.

Found this at Computer World:

"The Treasury's OCC may be taking an interest in the breach because it could be part of a larger problem for the banking industry, said Avivah Litan, an analyst at Gartner Inc. "I think that the criminal gang that targeted Heartland is targeting multiple payment processors, and it's a serious threat to the integrity of the payment systems," she said."

by Anonymous on 2009-02-28 (about 5 years ago)

This is consistent with the rumors I have heard about RBS:

Visa: New payment-processor data breach not so new after all

February 27, 2009 (Computerworld) Days after Visa Inc. seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems Inc. and RBS WorldPay Inc., the credit card company is now saying that there was no new security incident after all.

In actuality, Visa said in a statement issued today, alerts that it recently sent to banks and credit unions warning them about a compromise at a payment processor were related to the ongoing investigation of a previously known breach. However, Visa still didn't disclose the identity of the breached company, nor did it say why it is continuing to keep the name under wraps.

Visa said that it had sent lists of credit and debit card numbers found to have been compromised to financial institutions "so they can take steps to protect consumers." The company added that it currently "is risk-scoring all transactions in real time, helping card issuers better distinguish fraudulent transactions from legitimate ones."

Visa's latest statement follows ones that both it and MasterCard International Inc. issued earlier this week in response to questions about breach notices that had been posted by several credit unions and banking associations. The notices made it clear that they weren't referring to the system intrusion disclosed by Heartland on Jan. 20 and suggested that a new breach had occurred.

Visa's initial statement and the one from MasterCard were both carefully worded; neither said specifically that the breach being referred to was a new one, but they also didn't say that it was a previously disclosed incident. Visa said it was "aware that a processor has experienced a compromise of payment card account information from its systems," while MasterCard said it had notified card issuers of a "potential security breach" affecting a payment processor in the U.S.

MasterCard officials didn't respond today to requests seeking clarification on whether its statement referred to a previous breach or a new one.

Benson Bolling, vice president of lending at the Alabama Credit Union in Tuscaloosa, said today that officials there had understood the breach to be a new one based on the alerts sent out by Visa — but couldn't say that for sure. According to Bolling, the credit union, which posted an advisory on Feb. 17 and updated it two days later, was informed by Visa of a "big breach" shortly after getting the word about the intrusion at Heartland.

The identifying number that was used in the so-called Compromised Account Management System alert issued by Visa appeared to suggest a new breach, because it was different from those used in previous CAMS notices, Bolling said. It was his understanding, he added, that CAMS alerts related to a previous breach would use the same identifier as the original notifications...

by Sue [Apprentice Investigator] on 2009-03-01 (about 5 years ago)
Heartland strikes again!

The article:

Neither NewAlliance Bank, People's United Financial nor Webster Bank would report how many customers are getting new cards after Heartland Payment Systems warned them it found malicious software on a computer system.
My Mastercard was breached via People's Bank. Some twit charged $122 at, and had it sent to Prishtina, Switzerland.
The bank made good on the money, and their letter of 2/6/09 stated that: "MasterCard has reported that a number of MC-branded cards were compromised at a U.S. based merchant's network that processes debit and credit card transactions. The compromise was NOT the result of any action by People's United, but, rather, by a breach at the transaction processor's facility."

New Comment

Are you human?

Sponsored By: Rbs Zecurion
Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation requires authorization and potential licensing arrangements. For more information, please e-mail [email protected] with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2014, Open Security Foundation, All Rights Reserved.