Two financial institutions have confirmed that the telltale signs of a second major credit-card breach are indeed real.
On Sunday, the DataLossDB, an online site that documents data breaches, reported that recent signs of major loss of credit-card data — not related to the Heartland Payment Systems breach — had been confirmed by two banks. The Tuscaloosa Federal Credit Union and the Pennsylvania Credit Union Association both warned that a payment processor other than Heartland had suffered a network intrusion. DataBreaches.net first reported the confirmations.
"While it has been confirmed that malicious software was placed on the processors platform, there is no forensic evidence that accounts were viewed or taken by the hackers," the TFCU said in a statement. "Since the final forensic report has not been provided, there is no estimate available at this time of the number of accounts involved in this event. Law enforcement is activity engaged in an investigation into this situation."
Two weeks ago, the DataLossDB reported that banks were notified of a second major breach. While the details seem similar to the intrusion into Heartland Payment Systems' network, the online thieves apparently only accessed the credit-card numbers and expiration dates, not magnetic stripe data.
While Visa and Mastercard are notifying financial institutions of the stolen data, the credit-card companies are not revealing the name of the company that was attacked until that company releases a statement. Under standard data-breach disclosure legislation, companies that have lost customer data can delay an announcement pending a law enforcement investigation.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos