http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=214502489
By Kelly Jackson Higgins
DarkReading
Feb 23, 2009
Brace yourself for another payment-processor breach: A second U.S.-based
payment acquirer/processor has been hit with a network hack that exposed
consumers' credit card accounts.
As of this posting, the victim firm's identity had not been revealed.
According to several credit unions, Visa recently alerted them that
another payment processor had discovered a data breach. Among the credit
unions issuing alerts about the breach on their Websites are The
Tuscaloosa VA Federal Credit Union and the Pennsylvania Credit Union
Association. The Open Security Foundation has a notice posted on its
DataLossDB site.
The latest breach follows that of Heartland Payment Systems, which went
public on Jan. 20 about discovering malware on its processing system;
some security experts have called it the largest security breach ever.
Heartland processes 100 million payment card transactions per month for
175,000 merchants.
While details on the latest hack are still emerging, there is one known
difference between it and Heartland's: This latest breach exposed
so-called card-not-present transactions -- online and call-based
transactions -- and not magnetic-stripe track data. Primary account
numbers and expiration dates were stolen from the firm's settlement
system, according to the Tuscaloosa VA Federal Credit Union.
[...]
Received on Tue Feb 24 04:48:27 2009