Unnamed Payment Processor? C’mon Now
An unnamed payment processor? (Thx to the Intern for picking this article up for the morning news) What are we, in grade school? This is absolutely bizarre that neither Visa or Mastercard is coming clean as to the source of the breach. Which leads me to suspect that it may be rooted in one of the banks that currently is sweating it out in the national spotlight. The market is a mess enough as it is and this might be the proverbial straw that breaks the camel’s back.
Poor camel. Should really think about seeing a chiropractor.
The rumours are swirling that this breach may be on the scale of (or close to) the Heartland fiasco. We’ve had several tips none of which can be verified. We won’t go out on a limb unless we have something more than a LOT of smoke. The fire part is in there somewhere but, as of now we can only smell it burning.
From CNET:
The breach appears to have affected fewer account holders than were affected by a breach reported by Heartland Payment Systems last month, but represents a “significant number nonetheless,” the statement said. “According to VISA officials, the breach affected all card brands. Evidence indicates that the account number, PAN and expiration dates were stolen.”
This dance is getting tired and it’s time for someone to get voted off (note to self: stop watching TV with the missus).
Why has the number of affected card holders as well as the name of the affected processor being witheld still?
And then, the spin,
The Tuscaloosa Virginia Credit Union posted a statement on its site that said malicious software was placed on the processor’s system but there is no evidence that accounts were viewed or data taken by hackers.
Malicious software no longer constitutes evidence?
OK, so let’s review. From the CNET article we know that card processing is provided by the same company to Tuscaloosa Virginia Credit Union, Alabama Credit Union and the Pennsylvania Credit Union Association. That much we know. Anyone able to connect the dots?
Here is some more from Data Breaches:
Thanks to a more recent credit union notice that Jai Vijayan of Computerworld uncovered from the Alabama Credit Union, we now know that this is not just credit cards that have been affected, but that the breach also appears to involve “long lists” of compromised ATM/debit cards. Visa and MasterCard remain mute about the source of the breach, although once the confirmation was found, Visa confirmed to Computerworld that a processior “experienced a compromise of payment card account information from its systems,” and MasterCard’s statement referred to the processor as being in the U.S.
The plot thickens.
UPDATE: (Feb 26th) Datalossdb has a time line that covers this story. I’ll offer a free t-shirt to the person who can give me a name of the breached shop that we can validate. I know its not much but hey, we have no budget here at the Digest.
Posted by Dave Lewis
on February 25, 2009. Filed under Data Security,Disclosure.
You can follow any responses to this entry through the RSS 2.0.
You can skip to the end and leave a response. Pinging is currently not allowed.
2 Responses to Unnamed Payment Processor? C’mon Now
Leave a Reply
Follow Liquidmatrix
mike fratto
February 25, 2009 at 12:50 pm
Could also be that they are still investigating and don’t want to release the banks name pending completion. They will have to release the some time due to notification laws, I’d imagine.
Dave Lewis
February 25, 2009 at 12:52 pm
@mike fratto
Fair enough. Then why don’t they say that? Then there would be an understanding at least at a cursory level and I could leave my soap box in the laundry room.
