May Have A New Winner In The Largest Security Breach Ever Department

from the and-it-will-get-larger,-I'm-sure dept

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

In the past, we've joked about how with pretty much every security breach, there's an initial estimate of the damage done, followed much later by a second report that admits the breach impacted many more people . It happened with the VA . It happened with Choicepoint . And, it happened with TJX , who raised the bar on being the worst security breach ever not once, but twice to impact nearly 94 million people. Who could top that?Step up to bat, Heartland Payment Systems. Chris writes in to point out that Heartland appears to have picked a pretty good day to announce a security breach that may impact over 100 million people . Everyone's off paying attention to the inauguration, so they might miss the news as it comes out today -- but they're likely to hear about it soon enough. It appears that Heartland's own computers were infected with malware which passed on information about transactions to some scammers.Heartland is now claiming that this really isn'tbig a deal, because personal information wasn't included in the breach -- meaning the data was useful for creating new cards with bogus data, but not useful for "card not present" transactions such as internet transactions or creating fake cards of real people. Because of this, Heartland doesn't think that it should need to offer credit monitoring services to impacted users, which has become the somewhat standard penance for those caught leaking credit card info.Of course, some are already questioning the timing of announcing the breach. Considering they figured out what happened a week ago, it does seem a bit of interesting timing to wait until the inauguration was underway to disclose this information.Still, given the history of so many earlier breaches turning out to be much worse later on, what's the over-under on the next announcement about how much worse this breach actually was?

Filed Under: credit cards, security breach

Companies: heartland payment systems