BreachBytes

If you are a Virginia resident there is a chance your medical records are being held hostage by a hacker that breached the Virginia Prescription Monitoring Program. He is demanding $10 million dollars to return the records he deleted when he breached their network. The original report of the breach from Wikileaks can be found here. Excellent coverage can be found in this Washington Post blog as well. 

The Wall Street Journal is reporting that the $300 billion Joint Strike Fighter (JSF) project has been breached. Lockheed Martin,  Northrup Grumman and BAE Systems are all involved in the project although it is unclear what network or networks were breached. There are likely numerous nation-state entities that would love to get their hands on this type of national security information. The question in my mind is if those responsible are working directly for a nation-state entity or if they are hoping to sell the information off to the highest bidder. Either way it is scary stuff. 

Links:

• In-depth coverage from WSJ
• Coverage on CNET

We reported on the Heartland Payment Systems breach yesterday. Today we are following up with a list of articles covering the breach. Information is still coming out and will be for a long time. That has not stopped the media from labeling this the biggest data breach of all time.

• Hearland Payment Systems press release. The company’s official position on the breach.
• USA Today: Hackers breach Heartland Payment credit card system. Good background and a comparison to the magnitude of teh TJX breach.
  
• ZDNet Blog: It’s a good day to disclose the largest credit card data breach ever . We are already jumping to the conclusion that this breach is bigger than TJX although there is noo such evidence at present to support this.
• ComputerWorld Blog: Biggest ever credit card data breach.
• KYPost.com: Hackers Prompt Local Bank To Disable Debit Cards. Interesting coverage showing the early impact of the breach on a small bank in Kentucky. This is the first of many to follow.

We will refrain from commenting on the breach until more solid facts emerge. We willcontinue to relay facts to our readers as they come.

Just about every news site that tracks computing, networking or security is reporting on the Heartland Payment Systems breach. Check out this coverage from CNET. Details are still sketchy and still emerging as is always the case in early-stage data breach reporting. These things take a long time and a lot of man-hours to analyze. We will likely be hearing about this one for months on end, especially if early reporting is correct in the scope and duration of the breach.

People are suggesting that this breach could beat the TJX breach in terms of the number of credit card accounts exposed to the intruders (”unknown hackers” at this point). The sheer volume of transactions handled by Heartland (100 million a month) makes this a potentially damaging breach to many consumers.  However, the company itself does not even know as of yet how many unique cards it has processed transactions with over the year or more that the intruders were active on their network. 

On BreachyBytes we most frequently focus on network security for enterprise networks. However I did stumble across an interesting article on Continuity Central that did a nice job breaking down the top ten threats to small and medium-sized businesses. Although these points are relevant to smaller businesses I think that many are applicable to large enterprises and home users as well. Here is their list:

1. Insiders
2. Lack of contingency plans
3. Unchanged factory defaults
4. The unsecured home
5. Reckless use of public networks
6. Loss of portable devices
7. Compromised WebServers
8. Reckless web surfing
9. Malicious HTML e-mail
10. Unpatched vulnerabilities open to known exploits

Read the article for more information.