As many can tell by now, the breach has snowballed significantly, finding its way into hundreds of news articles, mostly containing the same information with slightly different wording. What follows is a time line as experienced by OSF, Data Loss DB, and our volunteers.
About a week ago, we heard “whispers”, what we call tips from folks who wish to remain anonymous, that something large had occurred with First Data. We did some degree of research, but came up with nothing, and moved on to our other duties.
Monday of this week, we discovered through our feeds this article mentioning First Data. Red flags aplenty came up, as it's rare that a “whisper” goes much beyond a “whisper”. We immediately got in contact with those who wrote the article, and they indicated that they could get little information from First Data regarding the situation. We then began searching for data on other banks to see what we could find, and we came up with at least 5 other small banks posting notices regarding credit/debit cards. We wrote a brief post about what we thought we were seeing, and updated it as things changed.
We knew we had stumbled onto something large, but we thought it was involving First Data. The verdict is still out on whether Forcht Bank had anything to do with Heartland, as there are very conflicting reports about this, but our assumption for the time being is that it is the same breach.
We sounded alarms, and contacted several reporters and bloggers that we had worked with in the past. One or two articles later, the cat was out of the bag, and Heartland issued a public statement regarding their breach. From there, other media outlets fed on the news, and here we are.
At this time, banks around the country are being notified, and are issuing new cards to their customers. We still have no total number affected, but there has been speculation of 100 million cards. Some are speculating that the total may end up being larger. If it is that high or higher, it would be the largest data loss incident ever reported. It is being reported that fraud is being attributed to this breach.
There are still significant questions that are unanswered, such as: How many people were affected, are we seeing more than one breach, and how exactly did this happen? We know it has been attributed to malicious software or something of that nature, but the “how” question is more along the lines of: how did the controls required by PCI-DSS not stop this from happening?
Posted by d2d