BankInfoSecurity.com - Information Security News, Regulations, & Education

Just Released: Our Online Webinar Catalog

Bank Information Security Articles

Heartland Data Breach: 500+ Institutions Affected

Credit
EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Related Phishing Scam Uncovered in Texas

February 23, 2009 - Linda McGlasson, Managing Editor

Save

Digg

Delicious

Please login or register to save this article.

Comment on this article

The number of financial institutions that stepped forward to say their customers' credit or debit cards were compromised because of the Heartland Payment Systems (HPY) data breach has now reached more than 500.

Little more than a month ago, on Jan. 20, Heartland, a Princeton, NJ-based payments processor, went public that it had discovered hackers had gained access to its computer networks and had been able to see credit card and debit card numbers as they were processed for several months in 2008. The nation's sixth largest payments processor, Heartland said it processed an average of 100 million transactions each month in 2008, and has about 175,000 retail and merchant customers for which it handles credit and debit transactions across the U.S.

Three customer class action suits have been filed in U.S. Federal Court in New Jersey against the payments processor by Philadelphia-based law firms. No class action suit on behalf of institutions affected by the breach has been filed yet.

Three men were arrested and charged with using "cloned" or counterfeit cards with stolen credit card numbers from the Heartland breach in Tallahassee, FL earlier this month, but no further arrests have been made in the case. The three men arrested in the Florida fraud case were described as lower-level players, but law enforcement continues to follow the trail of fraud and credit cards stolen in the Heartland breach that have been used in Mexico, Texas, Florida and other states.

Click to Get Updates on the Latest Information Security News

Company*

Title*

Email*

Subscription Type:

Healthcare Enews

General Healthcare Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Government Enews

General Government Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Banking Enews

General Banking Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Credit Union Enews

General Credit Union Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Need Help?

Related Phishing Scam Hits Texas Bank

A bank in Texas reports that its customers are being targeted in a phishing scam related to the Heartland breach. Extraco Bank in Killeen, TX had to replace 9,000 cards that were compromised. On Saturday, the bank told customers in an email that if they received a text message or page that told them to call an 866 number and asked for debit or credit card number, expiration date and PIN numbers, to contact the bank. It is a phishing scam, the bank told its customers.

The local paper, The Killeen Daily Herald, reported the bank's phishing scam on Sunday. Identical scams were already reported in other local area cities, says Extraco. The bank is working with AT&T and the U.S. Secret Service to trace the scammer and get the number disconnected.

Next Related Article:

Heartland, Discover Settle for $5 Million

Where have you seen new phishing attempts as a result of the Heartland breach?

Here's your chance to be a part of the dialogue and engage with your peers! Just enter your comment to the right, click submit to send it to our Editor. All entries are posted anonymously.

Please login if you would like to post a comment on this question.

Do they KNOW if any of the cardholder information was ever actualy captured and sold? Or do they still only know that it was available to hackers due to the spyware found?

Why isn't Heartland, the processer, listing the retailer locations? I'd like to know where I went that had a breach! I was contacted by my Visa Platinum Plus Bank of America credit card company stating a breach/compromise had taken place and therefore were reissuing me a new card. They also stated there were several breaches but Heartland had released their name but it is possible another insitution was responsible for compromising my data but they would not provide me that information by Visa. Visa did not have to "legally" provide me that info....is that accurate?

Topics of Interest

Governance & Standards

Regulatory Scrutiny: Protecting Sensitive Data
Meeting the Challenges of Governance, Risk, & Compliance

First Party

Mortgage Fraud Trends: Cindi Dixon, Mela Capital Group
FDIC on Top Fraud Threats to Banks

Federal Reserve Board

Regulatory Reform: Dodd's Bill Analyzed
Regulatory Reform: "We're Easy Targets" - Alex Sanchez, Florida Bankers Association

COSO

Good Governance: How to be a Security Leader
NCUA - Supervisory Committee Audits

GRC

Compliance Multi-Tasking - Today
Implementing Detailed User-Level Auditing of UNIX and Linux Systems

Pharming

Phishing Report: Top Threats & Trends in 2008 and Beyond
How to Avoid Being a Victim of Multi-Channel Fraud

Latest Tweets & Mentions

Recent Content
Most Popular

1Heartland, Discover Settle at $5 Million
2How to Protect Consumers from ID Theft
3The Mobile Mandate
4Church Latest Victim of ACH Fraud
5Video: Why Cyber Challenge is Needed
6FDIC: 829 Troubled Banks
7ID Theft: Courts Cracking Down
810 Tips to Thwart Skimming
9Skimming: Old Crime, New Tools
10Key Elements of Risk Management

1Failed Banks and Credit Unions, 2010
22010 Data Breach Timeline
3Pay-At-The-Pump Skimming on the Rise
4Account Takeover: The New Wrinkle
5Tapping the Power of Social Media
6ATM Skimming: How Effective is Jitter?
741 Banking Breaches So far in 2010
8New Fraud Spree Investigated
9Social Media Policy - The 6 Essentials
10FDIC: Top 5 Fraud Threats

BankInfoSecurity.com Research

Podcast:Mortgage Fraud: Compliance to be a Challenge
Webinar:Vendor Management Part III: Inside the BITS Shared Assessments Program
Handbook:2010 Webinar Catalog
White Paper:Understanding Man-in-the-Browser Attacks and Addressing the Problem
Regulation:FHFA: Issues Subpoenas for PLS Documents

Recent Blog Entries

Be Mindful of Insider Fraud Against Seniors

California's Financial Abuse Reporting Act, SB 1018, which r…

Read The Agency Insider by Linda McGlasson

Vendor Solutions

Gemalto

Solutions For:

Authentication, Identification and Authentication, Identity Management
MessageLabs

Solutions For:

Anti-SPAM, Authentication, Email Security

Marketplace

Information Security Media Group - Family of Websites

Banking

BankInfoSecurity.com
Careers
Blogs

Credit Unions

CUInfoSecurity.com
Careers
Blogs

Government

GovInfoSecurity.com
Careers
Blogs

Healthcare

HealthcareInfoSecurity.com
Careers
Blogs

About Us
Contact Us
Site Map
Terms of Service
Advertise
RSS

BankInfoSecurity NewsGet the RSS Feed
Agency ReleasesGet the RSS Feed
Latest ArticlesGet the RSS Feed
WebinarsGet the RSS Feed
BankInfoSecurity.com BlogGet the RSS Feed

Home
Training
Resources
Content Library
- Agency Releases
- Articles
- Handbooks
- Podcasts
- Surveys
- Webinars | Calendar
- White Papers
Careers
Blog

Advanced Search

Browse Topics

Agencies

Federal Deposit Insurance Corp
Federal Reserve Board
Federal Trade Commission
FFIEC
FHFA
FinCEN
Government Accountability Office
National Credit Union Admin.
NIST
Office Comptroller of Currency
Office of Thrift Supervision

Anti-Money Laundering

Banking Today

Confidence In Banking

Business Continuity & Disaster Recovery

Pandemic Preparation

Compliance

Bank Secrecy Act
Basel II
CA Bill 1386
E-SIGN Act
FACTA
Gramm-Leach-Bliley Act
Guidance
Identity Theft Red Flags Rule
NCUA Part 748
Patriot Act
PCI DSS
Sarbanes-Oxley Act

Emerging Technology

Application Security
Authentication
Cloud Computing
Data Loss
Encryption
GRC
ID Access & Management
Messaging
Mobile Banking
Network/Perimeter
Remote Capture
SIM/SEM
Social Media
Storage
Web Security

Fraud

ACH
ATM
Check
Debit, Credit, Prepaid Cards
First Party
Insider
Mortgage
Payments
Wire

Governance & Standards

BITS
Cobit
COSO
FFIEC Handbook
ISO
ITGI
ITIL
PCAOB

Identity Theft

Pharming
Phishing
Skimming

Leadership & Management

Physical Security

Biometrics

Risk Management

HR
Incident Response
Information Security Compliance
Insider Threat
IT Audit
Privacy
Risk Assessment
Social Engineering
Vendor Management

Training & Education

FHFA: Issues Subpoenas for PLS Documents..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
DoJ: Report to Congress on Implementation of Section 1001 of the USA PATRIOT Act..Next Topic
FFIEC Issues 2009 Mortgage Fraud White Paper:The Detection and Deterrence of Mortgage..Next Topic
FDIC: Fraudulent Work-at-Home Funds Transfer Agent Schemes..Next Topic
Joint Statement by Education Secretary Duncan, Homeland Security Secretary Napolitano and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
NIST: PIV Card Application and Middleware Interface Test Guidelines, SP800-85A-1..Next Topic

A-
A
A+