Sunday, January 25, 2009

Suspect ID'd in Heartland Breach


Heartland "Break In" News

Evan Schuman, editor of Storefront Backtalk, is reporting on his site that the Secret Service has identified the source of the Heartland breach and turned it over to the DOJ. Or at the very least the SS has PINpointed their location... overseas.


You'd think this would be big news, considering all the attention being given to the breach. You'd also think that since it took so long to discover the breach, it might take longer than 2 or 3 days to find the source of the breach. I've googled "heartland suspect" and apparently Mr. Schuman has quite the breaking story, because I can't find mention of the PINpointing of the suspect anywhere else that doesn't track back to Backtalk.

From Storefront Backtalk:

"The Secret Service has identified an overseas suspect in the Heartland data breach case and the matter has been turned over to the U.S. Justice Department, according to someone close to the investigation.


Few additional law enforcement details were immediately available, other than that the government believes it has identified the cyber thief involved, has “pinpointed” that suspect’s location and that it’s outside of North America, the source said.


"Given the word that the Secret Service believes it has located the prime suspect, it raises the possibility that law enforcement was already on their trail long before the Heartland spyware was detected."

Continue Reading at StoreFront Backtalk


That's an interesting observation... they knew about the trail, but not about the nuts (and bolts) of their operation. Then again, original reports did quote Heartland's president and CFO, Robert Baldwin, as saying: "Our discussions with the Secret Service and Department of Justice give us a pretty good indication that this is part of a group that appears to have done security breaches at other financial institutions."


Evan Schuman also reports that Heartland is now saying it was first alerted by Visa and Mastercard in the late October, early November time frame. (You'd think there'd be an exact date they were notified by V/MC.) A "timeframe" applies to when they "think" the malware was released into their system.

Although there's no official word on when the malware was first introduced into Heartland's system, there has been talk that the malware has been "present" since May, 2008. That's 6+ months of MP ("Malware Present") transactions.

Evan also goes on to say that Heartland spokesman Jason Maloni advises that when the sniffer software was finally identified by the outside forensic expert hired by the company, the malicious program was inactive, which means that the suspects may have been "on" to the forensic investigation, and turned it off.




Heartland Fallout Continues

According to the St. Louis Journal, Heartland Bank and Bank of America said Friday they are issuing new credit and debit cards to their customers in response to the security breach at Heartland Payment Systems of New Jersey.

The Journal reports that "Heartland Payment Systems is not related to Heartland Bank." ... "confusion over the similar names has prompted 100's of calls to Heartland Bank in St. Louis this week."

Clarification: While this story makes it sound like the similarity of the Heartland names is purely coincidental, it is not. The two entities may be unrelated today, but they were both involved in the formation of what is now the nation's sixth largest processor.

When Heartland was formed, it was formed in union with Heartland Bank. I remember going down to St. Louis and meeting with Bob Carr and Heartland's bank president back then. (I think it was in early '97.) If I remember correctly, Heartland Bank and Bob Carr were the co-founders.

I think Bob Carr broke free from Heartland Bank in 2000.   So the confusion has merit.  To this day, even their logos share an iconic common denominator.


Anyway, getting back to the story, from SLBJ: "The security breach did get information on our cardholders," David Minton, Heartland Bank president and chief executive, told the Business Journal. "Like other banks all over the country, we got notices from MasterCard and Visa saying that our customers' cards have been compromised."

The two largest banks in St. Louis, U.S. Bank and Bank of America, as well as other banks nationwide received similar notices because the breach, revealed by the New Jersey payment processor on Tuesday, potentially impacts millions of credit and debit card accounts.

Bank of America is in the process of reissuing new credit and debit cards to customers, said Betty Riess, a spokeswoman. She declined to specify how many of Bank of America's customers were impacted.

continue reading at St. Louis Business Journal
