A global survey conducted by Unisys last year found that 72% of US citizens would be willing to undergo fingerprint scans to verify their identities when dealing with banks and government organisations.
The raids were part of an investigation prompted by complaints from AT&T and Verizon about unpaid bills allegedly owed by some data center customers, according to court records. One data center owner charges that the telecoms are using the FBI to collect debts that should be resolved in civil court. But on Tuesday, an FBI spokesman disputed that charge.
Anyone who has been following the cascade of security failures plaguing the payment card industry in the last year, and punctuated by the still-shrouded breaches at RBS WorldPay (RBS) and Heartland Payment Systems (HPY), has to acknowledge that there are major problems with security that need to be addressed pronto. But the greatest threat to the survival of PCI DSS (Payment Card Industry Data Security Standard) may not be the ever-evolving tactics of the criminal hackers intent on a “big score,” but instead the dysfunctional nature of the relationships between the very parties the standards are meant to serve.
An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland’s shares during that period also declined $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.
• SEC with a full case-study presentation as well as a full Q&A session with an SEC
representative
• 3M on successful SOX compliance in multi-national organizations
• Eli Lilly on optimizing the external auditor relationship
• Eastman Kodak Company on going beyond 404: Meeting the SOX governance
requirements
• Canadian Natural Resources on practical identification and mitigation of IT risks
and controls
• Barr Pharmaceuticals on going beyond AS5: identifying further opportunities to
reduce costs
• Flowserve Corporation on improving effectiveness and reducing costs
• EMC on standardizing controls in a de-centralized environment
Live Blogging By Information-Security-Resources.com
System Participation - HPS is now in a probationary period, during which it is subject to a number of risk conditions including more stringent security assessments, monitoring and reporting. Subject to these conditions, Heartland will continue to serve as a processor in the Visa system.
Now, with 3 processor/acquirer breaches in 3 months, it appears she’s the Nostradamus of the financial transaction world. So when one of her “quatrains” predicts that “Visa’s next…”
“Once the intruder is on the network and able to move around, there is oftentimes a system of downloading hacker tools, and the tools do a couple of different things. Sometimes they go and look at passwords or try to find passwords, and sometimes they are simply devices to capture sensitive information and maybe store it in a certain file somewhere on the network. And then lastly there is another series of hacker tools that are downloaded and installed and the point they have, the purpose of being used to export the sensitive information over the internet through remote computers that the intruder controls. Sometimes the export occurs over an extended period of time.”
We take no delight in having been right on this one. That’s because the filing of this kind of suit means that a significant breach has happened and many people have been harmed. I prefer security gaps to be identified and addressed before there’s a crash. My prediction is that other companies will be involved. This does not let Heartland off the hook for whatever lapses they may have made, but my bet is that there are other weak links in the data access chain that touches Heartland. There may be joint causes, multiple weak links, involved in this breach.
Despite the fact that many Americans distrust the National Security Agency for its role in the Bush Administration’s warrantless wiretapping program, the agency should be entrusted with securing the nation’s telecommunications networks and other cyber infrastructures, President Obama’s director of national intelligence told Congress on Wednesday.
Cyber-scams have been a problem since the Internet’s conception. But with the economic recession, the number of scams is on the rise. Experts and law-enforcement officials who track Internet crime say scams have intensified in the past six months, as fraudsters take advantage of economic confusion and anxiety to target both consumers and businesses.
The investigation focuses on allegations that statements made by the Company during that period were false and misleading and failed to disclose or indicate, among other things, that: (1) the Company’s safety and security measures designed to protect consumers’ financial records and data from security breaches were inadequate and ineffective; (2) the Company faced liabilities associated with a breach of the Company’s payment processing network and increasing costs associated with implementing appropriate security measures; and (3) as a result of a breach in the Company’s payment processing network, the Company was at risk of losing customers.
“The investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland’s stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.”
“We intend to vigorously defend any such claims and we believe we have meritorious defenses to those claims that have been asserted to date,” Carr said. “At this time we do not have information that would enable us to reasonably estimate the amount of losses we might incur in connection with such claims.”
Our society’s sensitive systems and information, the underpinnings of the transactions and information flow facilitating our quasi-orderly daily lives, are absolutely ripe for a zero day attack - an electronic information debacle that will shut us down.
There had been indications in early Heartland reports that the FBI was pursuing suspects who may be part of a larger criminal conspiracy targeting multiple companies, but there are no reports yet as to whether this latest breach is part of that investigation, or whether the revelations at Heartland led to this breach being uncovered.
It wasn’t until the credit union was contacted by its credit card company about the Heartland Payment Systems (HPY) data breach that the connection was made. CU Community Credit Union is one of an unknown number of institutions that have been hit by the Heartland breach that was first made public on January 20.
Computer attacks pose the biggest risk “from a national security perspective, other than a weapon of mass destruction or a bomb in one of our major cities,” Shawn Henry, assistant director of the FBI’s cyber division, told the International Conference on Cyber Security in New York.
"As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan."
“The consumers get mad at the bank for something that’s not their fault,” he said. “They place responsibility on (banks) for a breach at a processor in some other state used by a vendor where the customer used their card, but at the end of the day, everybody thinks it’s the banks’ issue, where it was not.”