Blogger: Gerry Gebel
"The Highest Standards - The Most Trusted Transactions" That's the slogan on Heartland Payment Systems web site, which is obviously off the mark based on reporting that a massive security breach has resulted because of malware code installed somewhere on their network. The exact extent of the breach is unknown at this time, but the potential numbers are staggering. Heartland processes credit card transactions for 250,000 US merchant locations which amounts to some 100 million transactions per month and 4 billion annually. The malware skimmed the information found on credit card magnetic stripes - card number, cardholder name, and expiration dates - as the data was transmitted from merchants to Heartland's systems.
Heartland's president and CFO, Robert Baldwin, made comments in another article that are unsettling to say the least: "In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible," said Baldwin. Based on this assessment, Heartland will not attempt to notify potential breach victims - even if it could identify all of them. It's great that Mr. Baldwin is so confident, but the reality is that a little searching and persistence will connect the Heartland identity "dots" with other pieces of readily available data. To quote my colleague, Kevin Kampman, "The problem here is that little pieces fit together nicely with others, enabling sophisticated thieves to assemble data from seemingly unrelated sources in order to accomplish wider ranging compromises. In their case, every little bit helps. There’s no sense in feeding them more."
Unfortunately, this latest breach highlights the continued vulnerability of our personal data as it transits a myriad of locations and handlers for the purpose of completing seemingly routine transactions. 2009 is not off to a good start, as chronicled by the Privacy Rights Clearinghouse - which doesn't yet include the Heartland incident. Will 2009 be the year when this trend is reversed? So far, the answer is "No"