FT : Identity Heist
Tuesday, August 18, 2009
The US brought criminal charges on Monday over the alleged theft of account details linked to 130m credit cards, a case of identity theft that far exceeds anything of its kind that has ever come to light before…..The scale of the security lapse came to light as the Department of Justice charged Albert Gonzalez of Miami with two counts of conspiracy. Two other, unnamed computer hackers who were said to be living “in or near Russia” were also charged. According to the DoJ, the three men infiltrated the systems of Heartland Payment Systems, a US company that processes credit card payments on behalf of thousands of US businesses. Heartland disclosed in January that it had been the target of a security breach, but the scale of the attack has not previously come to light.
The previous largest incidence of stolen credit card data was suffered by retailer TJX, in a 2006 case that involved more than 45m cards. While many of the credit card details stolen from TJX were for inactive cards, the Heartland case involved the theft of real-time data as it was entered by cardholders, meaning that the accounts were all active. The three conspirators planted software that intercepted the details of payments as they were being made, according to the DoJ’s complaint giving them payment data “on a real-time basis. Mr Gonzalez was also indicted last year in two other computer hacking attacks, including the TJX case…..The indictment includes allegations that the three stole card data from four other companies, including retailer 7-Eleven and Hannaford Brothers, a supermarket chain in Maine. The Heartland breach exposed a weakness in US credit card payment processing compared with Europe, said Avivah Litan, a security analyst at Gartner. While most European issuers have upgraded to a chip-and-pin system, the US relies on data carried in less-secure magnetic stripes. An estimated 20% of the cards comprised by the Heartland theft were issued in Europe, with 13m coming from one UK card issuer, Ms Litan said.