The Way from Data to Information

Data Mining

Subscribe to Data Mining: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Data Mining: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Data Mining Authors: William Schmarzo, Jason Bloomberg, Robin Miller, Progress Blog, Rostyslav Demush

Related Topics: Data Services Journal, SSL Journal, Data Mining, Twitter on Ulitzer, Security Journal, Secure Cloud Computing

Twitter: Blog Feed Post

Time the Avenger (also a great Pretenders song)

I made several entries in recent weeks regarding the Heartland breach and just wanted to close out, what became a little blog series about protection, encryption, education and how F5 solutions might have have made these non-existent. There are a lot of people affected by the breach, including myself. This is the notice I get when I login to my banking website:

Important Message – For Visa Check Card Users.

Visa® has notified ** Bank that Heartland Payment Systems, an independent merchant card processor, experienced a security breach in their organization. As a result, Visa® has provided ** Bank with a list of card numbers that may have been affected by the compromise. ** Bank is taking every precaution, notifying those individual clients affected, informing them that their Visa® card will be closed, and a replacement card will be mailed within the next few days. Please carefully review your account activity and immediately report any discrepancies. Should you have questions concerning the compromise, please visit the Heartland Payment System site at If you received ** Bank’s notification that your card was compromised and you have questions, please call us.  (bank name removed for my protection)  :-)

Luckily, I never use my debit card as a Visa so, in theory, I should be fine.  I’m still diligently reviewing my daily transactions to make sure nothing has gone astray but I do feel a little better about this than I did the Checkfree breach, since that was a backend connection via partners and I have no control over that.  But, here’s the catch.  Even though I feel somewhat ok, it’s still a daily ‘check’ to calm my wonders.  That’s the other part of breaches – aftermath.  Not necessarily all the press, new cards, and credit checks – a lot of times it’s the wait and wonder.  If your institution is involved in a breach and nothing bad happens to you, you think you might be cool.  But sometimes these things take time.  It’s not uncommon for a breach to be announced with all the expert articles covering the story.  A common theme in these articles is the ever present, ‘we’re not sure just how many records were compromised.’  10 months later only a byline appears somewhere but the compromised/sensitive information is still being sold or used somewhere in the crime-sphere.  Even if you were in the early bunch and got a new card, your troubles might not be over since there might have more information about you leaked than just a 16 digit code.  Combine that with info scraped from a social media site and an impostor still has the means to cause personal havoc.  When all the press has faded you can’t forget that you might still be at risk.  Even now, that Checkfree breach doesn’t get much press & you might have already forgotten about it.

Some good news is that authorities have now arrested three people in Florida in connection to the Heartland breach.  The trio were arrested after trying to use stolen numbers tied to the Heartland breach at a local Wal-Mart…but after a 3 month investigation….and these were low level crooks.  They were using some of the numbers as early as last November ‘08 even though the breach wasn’t announced until January ‘09.  It’s entirely possible to even get hit during an investigation since the authorities almost have to ‘let’ the criminals commit fraud just to gather evidence.

So as the stories dwindle, new cards arrive and the next ‘Breaking News’ breach hits, don’t let your diligence fade as your comfort returns.  Oh, and if you like ‘time’ in songs, here’s a great list.


Read the original blog entry...

More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.