BreachBytes

The Wall Street Journal is reporting that the $300 billion Joint Strike Fighter (JSF) project has been breached. Lockheed Martin,  Northrup Grumman and BAE Systems are all involved in the project although it is unclear what network or networks were breached. There are likely numerous nation-state entities that would love to get their hands on this type of national security information. The question in my mind is if those responsible are working directly for a nation-state entity or if they are hoping to sell the information off to the highest bidder. Either way it is scary stuff. 

Links:

• In-depth coverage from WSJ
• Coverage on CNET

We reported on the Heartland Payment Systems breach yesterday. Today we are following up with a list of articles covering the breach. Information is still coming out and will be for a long time. That has not stopped the media from labeling this the biggest data breach of all time.

• Hearland Payment Systems press release. The company’s official position on the breach.
• USA Today: Hackers breach Heartland Payment credit card system. Good background and a comparison to the magnitude of teh TJX breach.
  
• ZDNet Blog: It’s a good day to disclose the largest credit card data breach ever . We are already jumping to the conclusion that this breach is bigger than TJX although there is noo such evidence at present to support this.
• ComputerWorld Blog: Biggest ever credit card data breach.
• KYPost.com: Hackers Prompt Local Bank To Disable Debit Cards. Interesting coverage showing the early impact of the breach on a small bank in Kentucky. This is the first of many to follow.

We will refrain from commenting on the breach until more solid facts emerge. We willcontinue to relay facts to our readers as they come.

Just about every news site that tracks computing, networking or security is reporting on the Heartland Payment Systems breach. Check out this coverage from CNET. Details are still sketchy and still emerging as is always the case in early-stage data breach reporting. These things take a long time and a lot of man-hours to analyze. We will likely be hearing about this one for months on end, especially if early reporting is correct in the scope and duration of the breach.

People are suggesting that this breach could beat the TJX breach in terms of the number of credit card accounts exposed to the intruders (”unknown hackers” at this point). The sheer volume of transactions handled by Heartland (100 million a month) makes this a potentially damaging breach to many consumers.  However, the company itself does not even know as of yet how many unique cards it has processed transactions with over the year or more that the intruders were active on their network. 

Robert Vamosi has a nice overview of two recent reports on his Defense in Depth blog, the first on data breaches and the second on identity theft. The interesting figures from both reports: 9/10 breaches could have been prevented by following best practices and 57% of identity thieves use the information to open new lines of credit (not too surprising).

A summary of the Verizon report on data breaches is available here while the entire report can be found here as a PDF. Likewise, a summary of the identity theft report can be found here and the full version here as a PDF.

Yesterday we reported on a breach involving 4.2 million credit card numbers at an unnamed retailer. Turns out the retailer is Hannaford Bros. grocery stores. The AP is reporting on the story but has little detail beyond what was available yesterday. Although this is not a breach at the TJX level, the compromise of 4.2 million customer credit card numbers is nothing to take lightly.