Mostly Security Snippets from Tom Olzak
Just trying to make it through the morass of information security issues slamming the Net every day. Helping others to do the same.
The customer again in the middle
You have to love what appears to be legal-speak from the most current credit card firm to be breached. On one hand, financial institutions claim they can see evidence of the breach as the bad guys use stolen information. On the other is the payment company (thus far unidentified) which is saying there is no “forensic evidence” that information was stolen. The customers are caught between demonstrable evidence and CYA activity.
Two financial institutions have confirmed that the telltale signs of a second major credit-card breach are indeed real.
On Sunday, the DataLossDB, an online site that documents data breaches, reported that recent signs of major loss of credit-card data — not related to the Heartland Payment Systems breach — had been confirmed by two banks. The Tuscaloosa Federal Credit Union and the Pennsylvania Credit Union Association both warned that a payment processor other than Heartland had suffered a network intrusion. DataBreaches.net first reported the confirmations.
“While it has been confirmed that malicious software was placed on the processor’s platform, there is no forensic evidence that accounts were viewed or taken by the hackers,” the TFCU said in a statement. “Since the final forensic report has not been provided, there is no estimate available at this time of the number of accounts involved in this event. Law enforcement is actively engaged in an investigation into this situation.”
Source: Another payment firm breached, details few, SecurityFocus, 23 February 2009