Bankers Warned; Massive Credit Card Processor Breached

Robert Siciliano Identity Theft Expert

Hackers have breached another huge payment processor. Who? As of this writing they aren’t saying. A statement issued by the Community Bankers Association of Illinois states “Visa announced that an unnamed processor recently reported that it discovered a data breach. The processors name has been withheld pending completion of the forensic investigation” The Open Security Foundation posted a notice on its website Here

CBAI report here and highlights below

According to VISA officials, the breach affected all card brands. Evidence indicates that the account number, PAN and expiration dates were stolen. No cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers or other personal information were involved in the breach.

An increase in card-not-present fraud suggests some BIN number have been targeted by criminals.

VISA officials reported that while the number of accountholders affected is undetermined, it appears to be fewer than those affected by the recent Heartland Payment Systems breach, but a significant number nonetheless. And unlike the Heartland breach, where thieves also captured Track 2 data, officials reiterated that no personal information was taken in this most recent event.

The status of the processor’s PCI compliance is unknown at this time. Bankers. MORE TO COME….”

Why not go after processors, thats where all the data is!

Visa and MasterCard are in the process of notifying affected banks about what they say is a “major compromise”. So far this is not related to the Heartland Payment Systems breach where an expected 100 million cards have been compromised. Or it may be, we don’t know.

Initial reports say the criminal hackers planted malware, or malicious software on the processors servers. Malware of this type generally has some type of remote control component that allows a criminal hacker to remotely access the server and divert data underground.

Visa reached out to all affected banks on February 12th when they conducted a conference call disclosing the severity of the issue. Apparently the compromise occurred from February of 2008 till August 2008 the past few weeks.

At this point neither Visa or MasterCard haven’t disclosed which processor has been compromised nor have they disclosed the size of the breach.

Whether the unknown processor was compliant or not has also not been revealed.

Check your credit and banking statements carefully. Scrutinize every charge and refute any unauthorized charges within 30-60 days. Call your bank/credit card company immediately if you see any fraudulent activity.

Robert Siciliano Identity Theft Speaker Expert discussing another ugly data breach Here.

Identity Theft Expert and MyLaptopGPS:Costs in 2008 Attributable to Laptop Theft Projected to Exceed $1 Billion by End of Year

(BOSTON, Mass. – June 30, 2008 – IDTheftSecurity.com) The costs in 2008 attributable to laptop theft and its consequences are on track to exceed $1 billion by the end of the year, a running tally by laptop tracking firm MyLaptopGPS strongly suggested. In the face of these mounting costs, according to widely televised and quoted personal security and identity theft expert Robert Siciliano, affordable, simple-to-use technology designed to deter laptop theft and protect the information on them gives smart organizations the advantage.

"The pace of laptop theft continues unabated, threatening at any time to cripple governments or the system of commerce with just one large enough theft," said Siciliano. "Meanwhile, the accumulated costs in identity theft and other crimes attributable to countless smaller-scale laptop thefts leave the public already questioning the security of worldwide databases and financial systems. Smart organizations understand this and take measures to prevent laptop theft and mitigate its fallout when it does happen."

CEO of IDTheftSecurity.com and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano leads Fortune 500 companies and their clients through consumer education workshops that explore security solutions for businesses and individuals. A longtime identity theft speaker and author of "The Safety Minute: 01," he has discussed data security and consumer protection on CNBC, NBC’s "Today Show," FOX News Network, and elsewhere.

At its website, MyLaptopGPS keeps a running tally of highly publicized laptop and desktop computer thefts and losses. The Realtime Estimated Damage Index (REDI) also assesses those losses’ associated costs by drawing on estimates from the FBI and other sources that reflect the likelihood that identity theft and other crimes will occur whenever a computer is misplaced or stolen.

On June 30, the REDI had recorded the loss of nearly 500 machines to date, with an associated cost attributable to just these few hundred machines on track to easily surpass $500 million by the end of 2008. Taking into account the countless unpublicized laptop thefts that the REDI does not record, the total cost attributable to laptop theft in 2008 was likely on pace to exceed $1 billion.

"The thefts of laptops just continue to pile up," said MyLaptopGPS’ chief technology officer, Dan Yost, who directed readers to a log of high-profile laptop thefts that the company records at its website. "With no end in sight, the potential of millions of stolen identities as a result, and the prospect of class-action lawsuits and voter backlash against institutions responsible for these lost laptops, the alternative of a less-than-ten-dollars-per-month preventative measure against laptop theft starts to make a lot of sense."

According to Siciliano, the state of laptop computer security is woeful. He pointed to a report in June of another several thousand data records gone missing to laptop thieves. He also noted a high-profile laptop theft that threw into question basic assumptions about the security of machines in the hands of national defense officials:

  • The theft of seven laptops belonging to the U.K.’s National Health Service exposed about 30,000 patients to untold crimes, reported Contractor UK Limited on June 20.
  • On June 13, the Daily Mail reported on the theft of a laptop computer belonging to a high-level anti-terror police officer in the U.K. Because of the officer’s preference of using his own laptop in place of one issued by the government, the information now probably in thieves’ hands was not encrypted.

"The apparently gaping holes in laptop security are in fact a cause for alarm," said Siciliano. "They throw into question safety protocols at the highest levels of government and law enforcement."

Siciliano encouraged readers to consider anti-laptop theft technology such as MyLaptopGPS’, which combines Internet-based GPS tracking — more effective than other forms of GPS for tracking and retrieving stolen laptops — with other functionalities to secure mobile computing devices. Users launch MyLaptopGPS’ features remotely, protecting data even while the machine is in a criminal’s hands. Once connected to the Internet, the software silently retrieves, and then deletes, files from machines as it tracks the stolen or missing hardware — at once returning the data to its rightful owner and removing it from the lost computer.

"Our laptop fleet was certainly worth protecting," said Jim Sullivan, the network, systems and security administrator for FastForms, Inc. "We have procedures in place to help secure the machines, but we realized that we needed some key additional layers of security, such as covert tracking and remote-controlled data recovery and destruction. MyLaptopGPS’ solution is very easy to use, and we are quite satisfied. We would recommend MyLaptopGPS to any business seeking a simple solution to secure their laptops and data."

Additionally, MyLaptopGPS offers SafeRegistry™, a comprehensive system for inventorying entire fleets of mobile computers, as well as a full line of highly renowned SafeTags™, which are police-traceable property tags designed to secure iPods, cell phones, BlackBerry devices, and other mobile property.

Readers may download a demo of MyLaptopGPS. A white paper is also available.

The YouTube video below shows Siciliano on "FOX Newschannel," where he discussed this year’s data security breach at Hannaford Bros. and provided consumers affected by the theft with the tips they needed to avoid paying for fraudulent charges to their bank accounts and credit accounts. To learn more about identity theft, a major concern for anyone who’s lost a laptop computer to thieves, readers may go to video of Siciliano at VideoJug.

###

About MyLaptopGPS

Since 1984, Tri-8, Inc. (DBA MyLaptopGPS.com) has specialized in complete system integration. From real-time electronic payment processing software to renowned mid-market ERP implementations, the executive team at MyLaptopGPS has been serving leading enterprises and implementing world-class data systems that simply work. With MyLaptopGPS™, Tri-8, Inc. brings a level of expertise, dedication, knowledge and service that is unmatched. MyLaptopGPS™’s rock-solid performance, security, and reliability flow directly from the company’s commitment to top-notch software products and services for almost 25 years.

About IDTheftSecurity.com

Identity theft affects us all, and Robert Siciliano, CEO of IDTheftSecurity.com and member of the Bank Fraud & IT Security Report‘s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients. A leader of personal safety and security seminars nationwide, Siciliano has been featured on "The Today Show," CNN, MSNBC, CNBC, "FOX News," "The Suze Orman Show," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," "The Howard Stern Show," and "Inside Edition." Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Mademoiselle, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others. For more information, visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with any of the following individuals:

John Dunivan
MyLaptopGPS Media Relations
PHONE: (405) 747-6654 (direct line)
jd@MyLaptopGPS.com
www.MyLaptopGPS.com

Robert Siciliano, Personal Security Expert
CEO of IDTheftSecurity.com
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
www.idtheftsecurity.com

Brent W. Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com
http://www.STETrevisions.com
http://www.brentskinner.blogspot.com