follow-up: Heartland pays Amex $3.6M over 2008 data breach

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9142448/Heartland_pays_Amex_3.6M_over_2008_data_breach?taxonomyId=17

By Robert McMillan
IDG News Service
December 17, 2009

Heartland Payment Systems will pay American Express $3.6 million to settle 
charges relating to the 2008 hacking of its payment system network.

This is the first settlement Heartland has reached with a card brand since 
disclosing the incident in January of this year.

The U.S. Department of Justice has charged Albert Gonzalez and several 
other accomplices with the hack, saying that Heartland was one of several 
companies that the hackers managed to break into using SQL injection 
attacks.

Other alleged victims include 7-Eleven and Hannaford Brothers. In total, 
the gang managed to steal more than 130 million credit card numbers from 
Heartland and about 4.2 million from Hannaford, prosecutors allege.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php