Shostack + Friends Blog Archive


Breach Misdirection

While we were all paying attention to the Inauguration and having merry debates about how many Justices can deliver the Oath of Office on a pin, what may be the biggest breach ever tried to tiptoe past.

Heartland Payment Systems may have lost 100 million credit card details, surpassing the 94 million that were lost in the TJX breach.

There aren’t many details, yet. Apparently the hackers were on the network for months, having gotten in through malware.

We will of course hear many more details on this. The USA Today article has some news. AP has the best reporting I’ve read, but they are ambivalent about pixels, so you’ll have to find it on your own.

3 comments on "Breach Misdirection"

  • It would stand to reason that if you are going to release information like that you would do so when the story is likely to get lost in the clutter. From a “managing the story” point of view it was probably a good move from Heartland’s perspective.

  • Tamzen says:

    Oh joy! Does this mean I get to foresee yet another new Citicard? I think I’m up to 3 this year from various data losses.

  • Mordaxus says:

    Don’t get me wrong — if I were the poor schlep who had to announce this, I’d announce it during the Inauguration, too. You play the cards in your hand to the best of your ability.
    However, I’m not that poor schlep, I’m a security blogger who got asked, “Did you see the Heartland breach story?” My reply was, “What Heartland breach story?” While I was watching history, someone was announcing history.
