BreachBytes

We reported on the Heartland Payment Systems breach yesterday. Today we are following up with a list of articles covering the breach. Information is still coming out and will be for a long time. That has not stopped the media from labeling this the biggest data breach of all time.

• Hearland Payment Systems press release. The company’s official position on the breach.
• USA Today: Hackers breach Heartland Payment credit card system. Good background and a comparison to the magnitude of teh TJX breach.
  
• ZDNet Blog: It’s a good day to disclose the largest credit card data breach ever . We are already jumping to the conclusion that this breach is bigger than TJX although there is noo such evidence at present to support this.
• ComputerWorld Blog: Biggest ever credit card data breach.
• KYPost.com: Hackers Prompt Local Bank To Disable Debit Cards. Interesting coverage showing the early impact of the breach on a small bank in Kentucky. This is the first of many to follow.

We will refrain from commenting on the breach until more solid facts emerge. We willcontinue to relay facts to our readers as they come.

Just about every news site that tracks computing, networking or security is reporting on the Heartland Payment Systems breach. Check out this coverage from CNET. Details are still sketchy and still emerging as is always the case in early-stage data breach reporting. These things take a long time and a lot of man-hours to analyze. We will likely be hearing about this one for months on end, especially if early reporting is correct in the scope and duration of the breach.

People are suggesting that this breach could beat the TJX breach in terms of the number of credit card accounts exposed to the intruders (“unknown hackers” at this point). The sheer volume of transactions handled by Heartland (100 million a month) makes this a potentially damaging breach to many consumers.  However, the company itself does not even know as of yet how many unique cards it has processed transactions with over the year or more that the intruders were active on their network.