Credit Card Processing Firm Breach Could Be Largest Ever

[KeithP]

Just saw this security breach story. Keep your eyes on your statements.



-KeithP

 

[Slapstick]

Of course they did, wouldn't you?

 

[Crusty]

They got card numbers, no pins, no addresses... pretty useless this day and age.

edit: This was grabbed from the wired.com article which they have now updated to include that some names might have been taken too.

Basically nobody is too sure yet what exactly and how many of what were stolen.

 

[tm37]

Officials from the U.S. Secret Service could not be immediately reached for comment.

What were they doing?

 

[Anghang]

Originally posted by: Crusty
They got card numbers, no pins, no addresses... pretty useless this day and age.

But not absolutely useless.

They were listed on the compliant service provider list too, definitely going to suck for them and the assessor that validated their compliance.

 

[rudeguy]

A data breach last year at Princeton, N.J

Probably not

 

[Jeff7]

Originally posted by: Crusty
They got card numbers, no pins, no addresses... pretty useless this day and age.

But they got all the information recorded on the magnetic stripe.
I'm sure it wouldn't be too tough for a decent counterfeiting operation to make some fake credit cards and program their magnetic stripes with the relevant information.

 

[Thorny]

This breach has caused me to be unable to use my debit cards in certain areas for months now. Major PITA to call everytime I want to make an online purchase so they can unblock the card for an hour.

 

[QED]

Track data is the holy grail of credit card data theft, and that's exactly what the thieves got. This information isn't just enough to reproduce a credit card-- it IS the credit card. No surprise that Heartland would try to downplay it...

 

[frostedflakes]

Interesting. I had some fraudulent activity a few months ago, wonder if it was related to this?

 

[Sphexi]

The only thing that's verified in a standard ccard transaction is the card number. The CVV/CVV2 is optional, the address is checked but does not effect the result of the transaction, and if flagged a certain way even the expiration doesn't always make a difference. Having the numbers is enough, they just need to find some desperate online retailer who isn't using enough tools to verify their orders, and they could make off with a lot of merchandise.

 

[ShotgunSteven]

Originally posted by: Crusty
They got card numbers, no pins, no addresses... pretty useless this day and age.

The stolen data includes names, credit and debit card numbers and expiration dates.


The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

 

[FeuerFrei]

Hooray for forensics!


-- consider this bumpt --

 

[Crusty]

Originally posted by: ShotgunSteven

Originally posted by: Crusty
They got card numbers, no pins, no addresses... pretty useless this day and age.

The stolen data includes names, credit and debit card numbers and expiration dates.


The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

That wasn't published in the wired.com article about this. They specifically stated ONLY numbers were stolen.

It looks like they have updated the article recently to include that some names might have been taken too.

So basically... nobody knows how big the breach is and Heartland is going to have lots of problems.

 

[TwiceOver]

What does this have to do with the inauguration? Says they have been working with the SS for weeks. Unless I blacked out, again, the inauguration was yesterday.

EDIT: Ahh, had to actually use search to find what you were talking about since it was one sentence. In that case, I doubt they did it intentionally. News is so stale they'll be talking about this for months anyway, no matter when it was released.