2011-04-01
Abstract
Two years on, stolen card details from Heartland breach still being used.
Copyright © 2011 Virus Bulletin
The potential long-lasting effects of a security breach were highlighted earlier this month when a small Illinois-based bank revealed that customers’ payment card information had been compromised at card processor Heartland Payment Systems – which suffered a breach back in 2008.
It is thought that, more than two years after the breach, crooks are still working their way through the stolen card details. While many of the cards will no longer be active after such a long period of time (either because they have expired or because they have been cancelled), the flip side is that if a credit card has gone for two years without any signs of fraudulent activity, banks and retailers are likely to assume that it hasn’t been stolen – thus making it easier for the criminals to defraud.
The news comes just days after email marketing firm Epsilon admitted that hackers had obtained access to its customer data. The Dallas-based company claims that the data breach affected only around 2% of its clients and that the information obtained was limited to email addresses and/or customer names only. However, a growing list of companies is known to have had their customer lists stolen. Among the victims are Hilton Honors, Walgreens, Disney Destinations, Marks and Spencer, Capital One, TiVo, JPMorgan Chase and Citibank.
Even if the hackers did only obtain names and email addresses, these companies’ customers will now be at increased risk of phishing – and with the crooks able to personalize their emails, the phishes will be harder to spot than generic ones. Most of the affected companies have warned their customers to be on the alert for phishing attempts.
