BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Re: follow-up: Visa: There is No New Data Breach (fwd)

From: Tom Mahoney <lists () merchant911 org>
Date: Tue, 3 Mar 2009 16:33:11 -0500
As I pointed out on by blog earlier today, I'm not buying Visa's 
story.  There were certainly enough credible web pages out there 
claiming a new breach and the reports all pointed to different data 
being compromised.  Visa originally said it wasn't Heartland but that 
they weren't releasing the name of the breached entity because the 
breached entity hadn't released a press release yet.  No press 
release, no disclosure, therefore it is a new breach.

Tom Mahoney
www.merchant911.org/blog/

At 9:11 AM +0000 3/3/09,  security curmudgeon typed out:

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.bankinfosecurity.com/articles.php?art_id=1245

By Linda McGlasson
Managing Editor
Bank Infosecurity
March 2, 2009

Heartland Payment Systems (HPY) may be the only "new" data breach, after
all.

A week after at least two banking institutions and a state banking
association reported a new data breach that had been announced to them by
Visa, the credit card company now is saying that its recent alerts to card
issuers were actually part of an existing investigation and aren't
"related to a new compromise event."

In its statement issued on Friday, Visa says it "has provided the affected
accounts to financial institutions so they can take steps to protect
consumers. In addition, Visa is risk-scoring all transactions in
real-time, helping card issuers better distinguish fraud transactions from
legitimate ones."

Visa did not name the entity that was breached - and gave no reason for
the continued anonymity.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss
Previous By Date Next
Previous By Thread Next

Current thread: