« Rain, Heat, Gloom? No Problem. Deficit? Problem. | Main | Oh no you didn't... »

February 04, 2009

The Heartland Hack and You

by Jimmy Marks


I've written articles about password troubles before, but when it comes to any security smarter than that, I defer to those of greater experience. 

Ron, for instance, looks at the break-in from the POV of a former credit union CFO. He wrote a good article yesterday for CU Soapbox (click here). An excerpt: 

...I've had small breaks (80 member accounts affected) and fairly big breaks (400 member accounts affected). There's the estimated ~$15 you spend reissuing cards and closing accounts. And then there's the ~$10 you spend on credit monitoring on the accounts. That's ~$25 per account, so at worst it's about $10,000 that I've had to account for after a breach. And that's why, recently, there's a thought that's been troubling me.

The thought that the breach of Heartland Payment Systems has the potential to affect up to 100 million accounts. Click here for the CU Journal article.

100 million! One. Hundred. Million. I'm hoping the math makes sense for you here, because 100 million times $25 equals $2.5 BILLION. In losses and monitoring and trouble and waste.


It's a troubling aspect, that you'd be costing millions, if not billions, in damages. 

Rob had some issues with the break-in, too. Being the CIO/Security Specialist at DigitalMailer, he knows a thing or two (or two million, really) about security standards.
Quoting him: 

Technology-wise, not much info out there about what was involved except some sort of malware on computers. Not much excuse for that these days. A payment processor should be especially vigilant about what ends up on their internal systems. 

That being said, spyware is keeping one step ahead of the anti-malware industry and is getting trickier. There’s profit in spyware and hence motivation and funding to make it really good at what it does. The same motivation didn’t really exist for plain ol’ viruses, which were generally meant to just wreak havoc. 

There’s no one magic-bullet for data security. It’s a layered approach that must protect data while not getting in the way of employees doing their jobs. It’s a tough balance to strike. I’m sure there’s an IT staff at Heartland who thought they were doing all the right things. Clearly, they missed something. It’s an opportunity and a reminder to the rest of us to review our systems and look for the holes. What was sufficient a year ago is probably horribly antiquated now.


Rob recommended a book: 


I.T. Wars: Managing the Business-Technology Weave in the New Millennium by David Scott (click here to order on Amazon). 


Certainly a good read if you're tangled up in security issues. Or if you're not as tangled up as you should be. 

Posted at 12:43 PM in Credit Unions, Security, Web Safety |

|

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e5523c6093883401116846dbd7970c

Listed below are links to weblogs that reference The Heartland Hack and You:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.