Group items tagged

Nearly one week after news emerged of the big data breach at Princeton, N.J.-based merchant acquirer Heartland Payment Systems Inc., it remains unclear how much damage actually happened and who did it. One report suggests Heartland's breach-related legal liabilities could approach $98 million, an estimate a Heartland spokesperson dismisses as speculative. The spokesperson tells Digital Transactions News on Monday that the so-called "sniffer" program secretly planted on one of Heartland's payment-processing platforms was not being used when investigators found it about two weeks ago. "It was inactive," the spokesperson says. "I want to be specific to say it was inactive," he adds, clarifying that the hackers hadn't deliberately disabled or deactivated it. Robert Carr, Heartland's chief executive, meanwhile, issued a statement calling for better industry cooperation and new operational procedures to prevent future data compromises, including industrywide, end-to-end encryption to fully protect cardholder data. Heartland uses encryption, but industry procedures leave data unencrypted during one brief point of the authorization process-a weakness that hackers have learned to exploit. Carr also said Heartland is working on its own system of end-to-end encryption.

In April 2008, the blogosphere was abuzz with news that someone was auctioning then-candidate Barack Obama's half-eaten breakfast on eBay, along with silverware purported to contain his DNA. This episode led some to speculate that the DNA of one or both of the presidential candidates would be surreptitiously analysed and their genetic information broadcast before the election for all to examine. Although this scenario did not take place during this election cycle, it is well within the realm of technological possibility. Every day, we shed millions of cells during ordinary activities - licking envelopes, blowing our nose, combing hair. These cells may seem to be mere human detritus, but our biological trash could be a gold mine for information prospectors looking for clues to our health or ancestry. And as an investigation in the latest issue of New Scientist magazine found, there already is a vibrant industry offering covert DNA tests to confirm infidelity and parentage. We have reached this point through technological advances in laboratory genetic analysis, dramatically reduced costs for the analysis and an almost complete absence of rules governing the legal status of "abandoned DNA."

In court papers filed Wednesday, former federal prosecutor Richard Convertino called reporter David Ashenfelter's invocation of the Fifth Amendment, in an attempt to keep from having to reveal his confidential sources, both "speculative" and "unreasonable." Convertino urged the federal district court in Michigan to sanction Ashenfelter and to require him to present further evidence as to why he should not be held in contempt for his refusal at a December deposition to reveal the confidential sources. For the past two years, Convertino has been seeking Ashenfelter's testimony in hopes of boosting his Privacy Act lawsuit against the Department of Justice. Convertino claims DOJ violated the law by leaking to the press details of an investigation into Convertino's conduct during a terrorism trial. At a deposition in December, after Judge Robert Cleland in the Eastern District of Michigan ruled twice that Ashenfelter is not protected by a First Amendment reporter's privilege, the reporter invoked the Fifth Amendment right against self-incrimination.

Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced Monday that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. Meanwhile, Forcht Bank, one of the 10 largest banks in Kentucky, told its customers it would begin reissuing 8,500 debit cards after being informed by its own card processor of a possible breach. In the case of Heartland, while the company continues to assess the damages inflicted by the attack, Robert Baldwin, the company's president and CFO, says law enforcement has already noted that the attack against his company is part of a wider cyber fraud operation. "The indication that it is tied to wider cyber fraud operation comes directly from conversations with the Department of Justice and the U.S. Secret Service," Baldwin says. The company says it believes the breach has been contained. Heartland, headquartered in Princeton, NJ, handles approximately 100 million transactions per month, although the number of unique cardholders is much lower. "It is still a question as to the percentage of the data flow they were able to get," Baldwin says, adding he would not speculate on the number of cards potentially exposed. Specifics surrounding when the breach occurred are still being analyzed. But Baldwin says two forensic auditing teams have been working on the breach analysis and investigation since late 2008, after Heartland received the notification from Visa and MasterCard. The investigation began immediately after the credit card companies told Heartland they saw suspicious activity surrounding processed card transactions. Described by Baldwin as "quite a sophisticated attack," he says it has been challenging to discover exactly how it happened.

A New Jersey credit-card processor disclosed a data breach that analysts said may rank among the biggest ever reported. Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month. The company said it couldn't estimate how many customer records may have been improperly accessed, but said the data compromised include the information on a card's magnetic strip -- card number, expiration date and some internal bank codes -- that could be used to duplicate a card. Heartland, of Princeton, N.J., processes transactions for more than 250,000 businesses nationwide, including restaurants and smaller retailers. Avivah Litan, an analyst at research company Gartner, called it the largest card-data breach ever, based on her conversations with industry executives. Previously, the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX Cos. in 2005 and 2006. Robert Baldwin, Heartland's president and chief financial officer, said it was too early to say how many records were accessed and that calling it the largest-ever breach would be "speculative." Representatives of Visa Inc. and MasterCard Inc. alerted Heartland to a pattern of fraudulent transactions on accounts the processor handled sometime last fall, Mr. Baldwin said. But an internal investigation and audits failed to detect a security breach. Last week, however, a forensic investigator discovered evidence of the breach. Mr. Baldwin said Heartland was targeted with malicious software that was "light-years more sophisticated" than malevolent programs commonly downloaded from the Internet.

"Bankers are playing with fire by increasing risk when taxpayer tolerance with financial bailouts has worn perilously thin, the International Monetary Fund warned. Managing director Dominique Strauss-Kahn reckons bankers may be in the throes of a "Mardi Gras" party of renewed speculation ahead of a looming regulatory crackdown. Yet the return of their old habits is dangerous. If a new financial crisis occurred in a few years" time, the public would be unwilling to support another round of massive bailouts, he told the Confederation of British Industry. Democracy itself could be threatened if banks went back to taxpayers with their caps in their hands. "In an atmosphere of increasing optimism, we see signs of old habits coming back. Risk-taking is on the rise," said Strauss-Kahn. "Right now, regulatory uncertainty is throwing up some perverse incentives. For example, it might be encouraging a risk-taking culture -- a Mardi Gras effect whereby financial institutions party now in expectation of lean times to come. "Clearly, this is dangerous, not least for emerging markets. And we may run out of time -- if we wait too long to implement these reforms, it might be too late." A second wave of rescues may simply not get through national legislatures, he added: "The political reaction would be very strong, putting some democracies at risk." IMF figures show the aftershocks of the 2008 crisis are far from over, with firms recognising only half of their losses worldwide. Yet despite the fragility of the financial sector, there is mounting evidence that traders are making hay before tougher regulatory standards come into force. Investment banking profits have soared this year, as firms make the most of ultra-low interest rates, money-printing operations and huge government bond issuance programmes. Strauss-Kahn argued countries need to act quickly to remove "regulatory uncertainty" -- ensuring bankers do not make the most of the current confusion over future standards

How will Barack Obama's administration affect IT spending in the trenches, where technology decision makers are dealing with strapped budgets and a shaky economy? President Barack Obama's official campaign Web site is a model of how 21st century technology tools can boost a candidate's popularity, building significant buzz via blogs, IM applications and e-merchandising. And Obama's campaign wasn't confined to his own site either, because he chose to expand his presence on social networking sites like Facebook, MySpace, Eons and BlackPlanet. His images and words also constantly popped up at outlets such as Flickr, Digg and YouTube. All these efforts made Obama an accessible, immediate and appealing figure to both younger voters and older ones who regularly connect to the Internet. Ultimately, they energized his campaign and helped secure a decisive victory for the nation's first African-American president. Certainly, Obama enters the White House with a reputation as one of the most-if not the most-tech-savvy chief executives ever. For starters, he's created the position of a federal chief technology officer to oversee the future of information technology for government agencies.