Remember those data breaches last year? The ones that hit Sony, and PS3 and SOE? Multiple times? The one that hit LOTRO? The one that hit Steam?
I blogged about it a couple of times in my blog for work. Because I felt it was just a primer for hackers going after credit card information and practice for them finding much bigger fish.
Apparently they found the bigger fish. 10 million credit cards compromised with a data breach that has Visa and MasterCard scrambling? Ouch!
Comments
They won't even take the write-off, the breach wasn't in their system but in a payment processor. They'll shove it up Global Payment's bottom line and their merchant account holders will be on the hook for all the fines. Because in a number of states now, the issuing bank and merchants where the cards were used are the ones required to report the breach to consumers, NOT the company that was actually breached. The deadline in most of them still runs from when the breach occurred, and in my state it would have already passed when the breach was announced.
A payment processor. Who's entire business is being a third party facilitator of ... credit card payments. The fourth largest such processor in the world. That's certainly bigger fish than Sony Online Entertainment or the Lord of the Rings Online Forums. The hack went directly after credit card information from a credit card processor.
This one doesn't even make it into the top five such attacks in the last five years. RBS lost 15 million unencrypted numbers, TJX, Hanford, and Cardsystems all cracked the 40 million mark, and Heartland managed to lose 130 million cards worth of raw magnetic strip reads. And that's just processors, PSN lost 12 million, Home Depot never did figure out how many they had stolen but over fifty million were reissued. Best Western, 7-11, and Citibank all cracked the 100 million marks.
Heck, the PSN hack netted 2 million more cards than this one. No amount of talk about the type of target makes this the bigger fish.