Princeton, N.J.-based Heartland Payment Systems, which suffered a 2008 payment break-in exposing 130 million U.S. credit and debit cards, says a new breach could compromise the data of 2200 customers.
According to an alert issued by Heartland on May 8 this breach was the result of physical theft. “An incident occurred at our office in Santa Ana, California,” the company reported. “Many items, including password protected computers belonging to Heartland were stolen.”
Reports said thieves took off with 11 computers, four of which may contain Social Security Numbers and bank account information used in payroll processing.
Heartland said it notified customers with potentially exposed data including some in Pennsylvania and New Jersey. The company says it's monitoring “for any malicious activity.” and offering free ID theft protection.
In 2008, Heartland's credit and debit card processing systems were hacked, exposing the payment details of 130 million people.
Although the latest breach seems less threatening it could potentially be far more damaging. “The Heartland breach is troubling because it goes beyond credit cards and account information. While none of the news is good, the people impacted must take immediate action. From a risk assessment perspective, there could be considerably more money involved in a breach that includes payroll information and bank accounts,” John Zurawski, vice president for Authentify, a supplier of authentication services for protecting user accounts from unauthorized access, said.
Zurawski recommended people with information potentially exposed should immediately change their passwords and their banks will have to authenticate those requests carefully. “The people affected should consent to any additional authentication factors their bank may offer. A multi-factor authentication process in which the second factor is a call to a principal's mobile phone would be ideal.” If a transaction is attempted and a legitimate employee is not behind it, the call to the phone should offer a chance to cancel the transaction.”
As of May 26, the number of breaches captured on the San Diego-based ITRC 2015 Breach Report totals 315 data incidents. This represents a dip of 3.4 percent in the number of breaches from last year's total for the same time period.
The breaches currently on the ITRC Breach List are broken down by category as Business 39.4 %, Medical/Healthcare 36.2%, Banking/Credit/Financial 9.5%, Educational 8.6 % and Government/Military 6.3 %
The report noted “It is of interest that there has been a significant increase of more than 50 percent in the number of breaches in the Educational and Banking/Credit/Financial sectors over the same period last year. This is followed by a nearly 30% increase in the Business sector. In contrast is the dramatic decrease in the number of breaches in the Government/Military and Healthcare/Medical sectors, down nearly 46 percent and 59 percent, respectively.”
Continue Reading for Free
Register and gain access to:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
