
heartland data breach case study


Throwback Thursday: Lessons Learned from the 2008 Heartland Data Breach


What’s the worst thing that could happen in a data breach? If you said millions of dollars in losses, a business forced to go on hiatus, scores of compliance violations and tons of bad press, then you might have worked at Heartland Payment Systems back in 2008. (Although the breaches took place over several months in 2008, the company did not go public with the findings until January 2009.)

The Fortune 1000 company, which specializes in payment, point-of-sale and payroll systems, suffered one of the worst data breaches in history. Here’s a quick recap of the breach:

The Details

The company was first notified by Visa and MasterCard in October 2008 about suspicious transactions stemming from accounts Heartland processed. Suspecting a cyber attack, Heartland hired cybersecurity forensics experts to investigate the issue. It took more than two months to unravel the mystery.

Computers used to process payment transactions had been compromised by an SQL injection attack in 2007. The attack modified the code on a web script, giving attackers access to a web login page. The attack, undetected for months as it moved through Heartland's system, found enough data to create new physical credit cards, including the data coded into the card’s magnetic strip.

The outcome

In 2009, Albert Gonzalez (later sentenced to 20 years) and two partners in crime were indicted for the attack. But the damage was done. Heartland lost its PCI DSS compliance for four months and lost hundreds of customers. The total monetary loss to the company, including compensating victims, was more than $200 million. Heartland's stock price fell 50% within days of announcing the breach, sinking more than 77% in the ensuing months. It was by far the most damaging publicly reported cyber attack at the time.

Here are a few lessons we can all learn from the attack.

Be transparent

Even though Heartland discovered the breach in late 2008, one of its early priorities was disclosing the breach to the public in the right way. It waited until authorities had finished their initial assessment. The announcement fell on President Barack Obama’s Inauguration Day, January 20, 2009 – causing critics to accuse the company of trying to bury the news.

Public disclosure isn't easy and usually results in damage. But in the end notifying your customers and keeping them updated in an honest and transparent way is the best way to limit the damage and avoid a total loss of public opinion. It's also a legal requirement. Organizations now must disclose breaches to the public within 30 days after they're discovered.

Respond quickly

Once your breach is discovered, you need to act quickly to contain the breach and close any potential security flaws that could lead to more attacks. After their leak, Heartland initiated a plan to encrypt card data at the point that it’s swiped so it isn’t as vulnerable when moving over networks.

Make sure all third-party systems are secure, not just high-profile servers

Most companies focus on their most critical servers when considering IT security. But attackers don’t care whether they get in through a critical security server or one that controls your HVAC. In attacks, all third parties ARE created equal. Even if an outside vendor or partner manages a less critical system, make sure it's secured.

Don't confuse compliant with secure

At the time of the breach, Heartland was PCI DSS compliant. Unfortunately, too many companies feel that the bare minimum compliant software is enough to keep them secure. Regulations such as PCI can’t cover every business' specific needs. Although compliance and security frameworks can help, evaluate your own IT security needs, not just general guidelines.

Remember that firewalls are not a failsafe

As Heartland showed, firewalls become essentially useless once a user gets inside them. In today's business environment, people are the new perimeter. Gonzalez got into their system and was able to spend as much time as he needed undetected because Heartland put too much faith in their outer level security.

Even though this breach happened over six years ago, the lessons Heartland learned can still be applied to any business. Adapt to the new threats facing companies today and take a people-centric approach to cybersecurity to become truly secure—and be honest with the public when things go wrong.


Credit Card Processor Says Some Data Was Stolen

By Eric Dash and Brad Stone

  • Jan. 20, 2009

Heartland Payment Systems, a major payment processing company, disclosed a data breach on Monday that potentially exposed tens of millions of credit and debit cardholders to the risk of fraud in what could quickly become one of the country’s biggest data compromises.

Robert H. B. Baldwin Jr., Heartland’s president and chief financial officer, said that his company believed the card numbers, expiration dates, and in some cases cardholder names were exposed after attacks on its computer systems at the one point where data had been unencrypted.

Once consumers swiped their cards, so-called sniffer software captured that data as Heartland sought authorization from the major payment companies and banks. Customers of Visa, MasterCard, American Express and Discover Financial were all vulnerable.

“We have industry-leading encryption, but the data has to be unencrypted to request the information,” Mr. Baldwin said. “The sniffer was able to grab that authorization data at that point.”

Data thieves introduced the software as early as May, but Heartland did not detect the breach until it was alerted to the activity in late fall. The personal data of 600 million or more cardholders was vulnerable, but data security experts suggested data from far fewer accounts had been extracted. Other confidential information, like personal security codes, is not believed to have been compromised. That might limit damages.

Even so, the Heartland breach could wind up rivaling some of the largest data thefts. In January 2007, the discount retail chain TJX revealed that data on more than 45 million customers had been compromised. And 40 million cardholder accounts were exposed in the 2005 data compromise at a tiny payment processor, CardSystem Solutions.

Avivah Litan, a data security analyst, said that the Heartland breach could result in hundreds of millions in losses and other expenses. “If you add it all up, including legal costs, it could be as much as half a billion dollars in losses — or twice as big as TJX,” she said.

Mr. Baldwin said that Secret Service officials investigating the breach suggested that the thieves involved in the attack might be part of an “international ring of hackers that are introducing breaches at a number of financial institutions.”

The Heartland breach also showed that in spite of the adoption of more stringent standards and tougher oversight by banks and credit card companies, consumers are still vulnerable. All this is happening after credit card companies and merchants spent over $2 billion on establishing the Payment Card Industry standards, Ms. Litan said. “And yet the breaches continue and they get more serious.”

Heartland, based in Princeton, N.J., works with about 175,000 small merchants and processes about 100 million transactions a month. It has created a Web site, 2008breach.com, to provide information about the incident. Cardholders are not responsible for unauthorized fraudulent charges.


Albert Gonzalez Pleads Guilty in Heartland, 7-11 Breaches -- Updated


Appearing in federal court in Boston, Gonzalez, a former Secret Service informant, pleaded guilty to two counts of conspiracy to gain unauthorized access to computers, and to commit wire fraud. In a plea deal, prosecutors have agreed to seek a sentence of no more than 25 years, and Gonzalez has agreed to ask the court for no less than 17 years in prison.

U.S. District Judge Douglas P. Woodlock set the sentencing date for March 19.

Gonzalez, 28, is already facing a likely 15 to 25 years in two earlier federal cases involving intrusions into Dave & Buster's restaurants and the retail company TJX. Gonzalez is set to be sentenced in these cases on March 18. Prosecutors have asked for his sentences in the three cases to run concurrently.

The newest plea comes one week after a former Morgan Stanley programmer was sentenced to two years in prison for providing Gonzalez with a sniffing program that was used to siphon card data from the TJX network.

Two weeks ago, one of Gonzalez's attorneys filed a psychiatric evaluation with the court pleading for the minimum sentence for him and suggesting that Gonzalez might suffer from Asperger’s Disorder, and therefore may not have had the “capacity to knowingly evaluate the wrongfulness of his actions.”

Gonzalez, known by the online nicks “segvec” and “Cumbajohnny,” was charged in August in New Jersey, along with two unnamed Russian conspirators, with hacking into Heartland Payment Systems, a New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven and two unnamed "major" national retailers identified only as Company A and Company B. Earlier this month, the case was transferred from New Jersey to Massachusetts.

On Monday, Company A filed a sealed motion in Boston and a request for oral argument in the case.

The court docket doesn't indicate the nature of the filings, but in November, Company A filed a letter with the court indicating that it might intervene in the case to obtain a protective order to ensure the company's "dignity, privacy and anonymity."

Prosecutors told Threat Level in August that they were not identifying the two anonymous retailers because the companies have never acknowledged publicly that they were breached.

Judge Woodlock indicated on Tuesday that he was reserving his decision on whether to continue the protective order on the identification of Company A.

More than 40 states have breach laws that require companies to notify customers living in those states if they are victims of a breach. But if no sensitive customer data was stolen or otherwise compromised from the two unidentified companies, they would be under no legal obligation to publicly disclose the breach.

According to the indictment, Company A was breached sometime around Oct. 23, 2007. The hackers used a SQL injection attack to gain access to its network and install malware.


Company B was breached in January 2008, also through a SQL injection attack.

The indictment doesn't indicate if the hackers actually succeeded in stealing card data from either of the companies, although it does reveal that around Nov. 6, 2007, Gonzalez transferred a computer file named “sqlz.txt” to a Ukrainian server he controlled, and that the file "contained information stolen from Company A’s computer network."

Around April 22, 2008, the indictment indicates that Gonzalez modified a file on the Ukrainian server that contained computer log data that was stolen from Company B’s computer network.

The New Jersey indictment charges Gonzalez and cohorts with stealing information on more than 130 million cards from the five companies mentioned in the indictment. But Assistant U.S. Attorney Erez Liebermann of the Justice Department’s New Jersey district office told Threat Level in August that the "vast majority" of the 130 million cards were stolen in the breach of Heartland Payment Systems.

Shortly after Tuesday's hearing, Reuters news agency published a report saying that Target has admitted that it was one of Gonzalez's previously unidentified victims.

Target told Reuters that it had been hacked about two years ago, but doesn't say specifically that Target was Company A or Company B, though Reuters implies that it was one of the two companies mentioned in the New Jersey indictment. Last August, reporter Evan Schuman at Storefront Backtalk was the first to report that Target was among Gonzalez's victims. [Assistant U.S. Attorney Erez Liebermann has since told Threat Level that Target is neither Company A nor Company B in the New Jersey indictment.]

A Target spokeswoman wouldn't tell Reuters how many card numbers were stolen, but said that the period in which cards were exposed to the hackers was brief.

"A previously planned security enhancement was already under way at the time the criminal activity against Target occurred," company spokeswoman Amy Reilly told Reuters. "We believe that, at most, only a tiny fraction of guest credit and debit card data used at our stores may have been involved."

She said Target had notified card issuers, who were then put in the position of notifying customers.

According to a sentencing memo filed by Gonzalez's attorney in the TJX case, Gonzalez told prosecutors that the two Russian hackers breached at least four card processing companies, as well as a series of foreign banks, a brokerage house and several retail store chains. The two hackers are identified in court documents only by their online nicknames, "Grigg" and "Annex."

According to the memo, Gonzalez described how “Grigg” and “Annex” hacked into Hannaford Brothers through a vulnerability in the computer systems of Hannaford’s parent company Delhaize. He gave prosecutors the information nine months before he was indicted in August 2009 on charges that he and the two Russians hacked into Hannaford.

“Gonzalez made complete disclosure of information ranging from how weaknesses in the corporate security systems were identified, how data was exported from the companies, how it was stored on foreign servers in the Ukraine and Latvia, how stolen data was de-encrypted and by whom, how profits were received via web-currency, who was involved in the flow of currency, and the identities of two persons who were used as couriers of money to Gonzalez,” according to the document.

By identifying intrusions that “had not yet been detected,” his lawyer wrote, Gonzalez helped the companies institute protective measures to secure their data and prevent future breaches.

This post was updated with information identifying Target as one of Gonzalez's victims.


Payment Processor Heartland Reveals Massive Data Breach

"We found evidence of an intrusion last week and immediately notified federal law enforcement officials as well as the card brands," Robert Baldwin, Jr., Heartland's president and CFO, said in a statement. "We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice."

Visa and MasterCard first alerted the Princeton, N.J.-based company after noticing suspicious activity involving processed card transactions, Heartland said.

Heartland Payment Systems offers credit, debit, prepaid card processing, payroll, check management and payments solutions to more than 250,000 business locations nationwide, the company said.

Baldwin told the New York Times that key information, such as card numbers, expiration dates, and cardholder names may have been exposed after malware intrusion attacks on its processing systems, where data had been left unencrypted.

Sniffer software was used to capture data that was exposed as Heartland sought authorization from the major payment companies and banks, Baldwin told the Times. Users of Visa, MasterCard, American Express and Discover Financial cards were vulnerable.

"We have industry-leading encryption, but the data has to be unencrypted to request the information," Baldwin said. "The sniffer was able to grab that authorization data at that point."

The personal data of 600 million or more cardholders was left vulnerable, but data had apparently been extracted from far fewer accounts.

The Heartland breach could become the country's largest of its kind, rivaling the January 2007 breach of the discount retail chain TJX that compromised data of more than 45 million customers.

Heartland says it has taken steps to secure its systems, and that it will implement a next-generation program designed to flag network attacks and notify law enforcement authorities.

"Heartland apologizes for any inconvenience this situation has caused," Baldwin said in a company statement. "Heartland is deeply committed to maintaining the security of cardholder data, and we will continue doing everything reasonably possible to achieve this objective."


Heartland Payment Systems Breach, What Lessons to be Learned

Table of contents.

  • When Was the Heartland Data Breach?
  • How to Check if Your Data Was Breached
  • What to Do if Your Data Was Breached
  • How Did Heartland Payment Systems Respond?
  • Can Heartland Security Breach Information be Used for Identity Theft?
  • What to Do to Protect Yourself

By David Lukic
Published: Nov 27, 2020
Last Updated: Mar 18, 2022

Much like the story of the Titanic, the Heartland payment systems breach teaches us that you can never be too confident. Back in 2008/2009, Heartland Payment Systems suffered a massive data breach at the hands of two Russian hackers who installed malware on their systems and exploited SQL vulnerabilities. They made off with 100 million debit and credit card numbers. The scandal hit Heartland pretty hard, and they took cybersecurity seriously and implemented dozens of security measures. But they got a bit too confident. In 2015, they issued this data breach warranty to their customers:

“Heartland Payment Systems is so confident in the security of its payment processing technology that, on Jan. 12, it announced a new breach warranty for its users. The warranty program will reimburse merchants for costs incurred from a data breach that involves the Heartland Secure credit card payment processing system.”

Unfortunately, after the first Heartland breach, on May 8, 2015, Albert Gonzales broke into their offices and stole unencrypted computers with details on payroll customers like social security numbers and banking information. Their boldness cost them $140 million in fines and penalties as a result.

When Was the Heartland Data Breach?

The first Heartland Payment Systems security breach occurred back in 2008 and 2009. The latest data breach occurred in May of 2015 and was perpetrated by only one man who was sentenced to 20 years in federal prison.

How to Check if Your Data Was Breached

If you were a payroll customer of Heartland Payment Systems in 2015, you were most likely affected by the data breach. The earlier breach was much more expansive, and you would have been contacted by Heartland to respond. Once the dust settled on this latest breach, Heartland paid the fees and alerted their customers but lost market share in the mix.

What to Do if Your Data Was Breached

If you were affected by the Heartland Payment Systems breach, you should take some precautionary measures and formulate an ongoing plan of continued diligence.

  • Cancel any credit cards related to or used by Heartland Payment Systems.
  • Contact your bank and have your bank account number changed.
  • Routinely get a copy of your credit report and sign up for monitoring (IDStrong.com does both of those for you).
  • Check your credit card and bank statements carefully, always watchful for fraud.

How Did Heartland Payment Systems Respond?

Soon after the May 2015 incident, Heartland responded with a statement:

“We have involved state and federal regulatory and law enforcement agencies to assist us in determining how to proceed with the matter at hand. Heartland continues to monitor the situation carefully and has increased its internal security and review procedures to watch for any unusual activity.”

From 2009 until 2015, Heartland thought they were un-hackable, but they didn’t count on the theft of their computers. Hopefully, after this, they will take additional steps to secure the physical hardware residing in their offices and encrypt all data everywhere.

Can Heartland Security Breach Information be Used for Identity Theft?

Yes. The information acquired by hackers and the thief was enough to steal your identity. Many customers lost names, email addresses, home addresses, social security numbers, and other personal banking details. All criminals need is a thread to pull before your entire identity unravels before them. Be extra cautious about phishing emails after a data breach.

What to Do to Protect Yourself

Data breaches seem to be a regular occurrence in all areas of life these days. It may seem impossible to protect yourself, but it is not. Simply employing a bit of common sense can go a long way. These steps should also help you stay safe:

  • Keep your computer updated with security patches and antivirus software; run deep scans often.
  • Change your online passwords frequently and use really long, complex ones.
  • Consider a credit freeze to keep criminals from opening new accounts in your name.
  • Never give out your personal details to anyone who contacts you via phone or email.
  • Do not click links or open attachments in email.
  • Watch out for phishing scams and other suspicious (urgent) emails.
  • Always sign up for 2-factor authentication when it is offered on websites.

David Lukić is an information privacy, security and compliance consultant at idstrong.com. The passion to make cybersecurity accessible and interesting has led David to share all the knowledge he has.


Bankers Life—Retirement Solutions Provider—Faces Member Data Breach

Bankers Life and Casualty Company (Bankers) is a nationwide retirement solutions provider. Their services assist members in maintaining and stretching their retirement income, paying for health and treatment programs, finding excellent retirement care, and assisting families with final expenses.

Education Transport and Ride Share Organization Updates on 155k Breach

HopSkipDrive is an education solution that assists guardians with their unique transportation needs; from planning bus logistics to utilizing live ride-share options, HopSkipDrive is a family's best resource for education transportation.

GEICO Finds Employee Personal Data Exfiltrated via 2023 MOVEit Breach

The Government Employees Insurance Company (GEICO) is a privately owned insurance group with 70 branches in the US. They provide insurance plans for all aspects of life, including auto, motorcycle, travel, pet, homeowner, renter, and jewelry options.

Weekly Cybersecurity Recap February 2

This week started with a cyber event targeting a Californian insurance brokerage, Keenan & Associates; the assailants garnered over 1.5 million records from the attack.

ITRC 2023 SMB Impact Report; Experts Predict Fraud Tsunamis in 2024 and Beyond

The Identity Theft Resource Center (ITRC) is a non-profit organization that minimizes and mitigates the risks of identity threats.

Mortgage Lender Breached, 200k Exposed by LockBit’s Citrix Bleed

Planet Home Lending (PHL) is a real estate and homeowner agency that assists consumers in finding and financing lasting homes.

Understanding Key Differences of IOA and IOC in Cybersecurity

Effectively responding to cyber threats is all about speed and information. Defense specialists must react quickly to repel attacks and mitigate damages.

Understanding Transport Layer Security (TLS) and Its Mechanisms

We don't think about it much, but moving data from our devices to various online locations is a complex process. It's just a single click for us but involves countless communications between servers.

Inside A Zero Day Vulnerability: What to Know for Cybersecurity

Zero-day vulnerabilities have transformed into something of a boogeyman for business owners. They represent a significant threat to sensitive information and assets but are extremely challenging to respond to.

How to Check If Someone Is Using My Identity

Nowadays, digital transactions and virtual interactions aren't exactly optional. People can't keep their information off the web due to professional reasons, and many processes are exponentially more convenient through an online profile.

Another Insurance Broker Breached; 1.5 Million Consumers Compromised

A Californian insurance brokerage offering insurance and budgetary solutions for schools, community agencies, and healthcare organizations—Keenan & Associates, has announced a significant data breach.

Experts Discover Compilation Database Storing 26 Billion Leaked Records

Security Discovery is a cyber risks analyst and solution provider. They are an industry leader with a significant track record of discovering data breaches overlooked by their competitors.

Weekly Cybersecurity Recap January 26

This week in cybersecurity saw billions of records fall into the hands of criminals. The week began with a report of 132k records compromised from an Indiana healthcare system.

National Brokerage Agency Breached in Oct 2023 Attack; 105k Records Exposed

First Financial Security, Inc. (FFS) is a nationwide insurance brokerage agency that assists insurance representatives in training, equipment, and licensing.

Massive 344k Record Data Breach Following Credential Stuffing in Texas

Deli Management, Inc. does business as Jason's Deli. It is an organization with over 250 deli shops located in 28 states.

LoanDepot Updates on Cyberattack; 16.6 Million Potentially Compromised

Based in Irvine, California, LoanDepot is a nationwide mortgage lender. Their solutions assist homeowners in purchasing land and obtaining reasonable equity costs.

Weekly Cybersecurity Recap January 19

This week was slow in the cybersecurity breach world; a combined 775k records got exposed stemming from two health centers (Singing River Health and Harris Center for Mental Health and IDD) and a nationwide mortgage lender (Academy Mortgage Corporation); a communications security solution (Egress) released a risk report urging action of business leaders; and Kansas State University suffered widespread disruptions, potentially compromising the sensitive data of their students and faculty.

Cyberattack Darkens Kansas State University, Network Disruptions Rampant

Kansas State University (K-State) is below Tuttle Creek Lake in northeast Kansas. The university serves 20,000 students, employs a complex faculty of emeritus, postdocs, and graduates, and offers over 50 programs.

Traditional Email Security is Failing; Business Leaders Must Evolve

Egress Software is a cybersecurity firm specializing in digital communications. They analyze security risks within emails, messaging, documents, file-sharing gateways, and more.

Academy Mortgage Faces Disruptions; Employee and Borrower Data Compromised

Academy Mortgage Corporation (AMC) is a nationwide mortgage lender and home loan estate professional group. The organization has over 200 branches throughout the US and numerous loan, mortgage, and financing options.

Singing River Health Strangled by Network Ransomware Encryptions

Singing River Health System (SRHS) is a healthcare network located in the tail of Mississippi (and northern Alabama). They provide a comprehensive network of medical services for residents, including cancer, emergency, hospice, pediatrics, and urgent care.

Mental Health Center Targeted by Disruptions, Quarter of a Million Exposures

The Harris Center for Mental Health and Intellectual and Developmental Disabilities (IDD) has six regional locations and assists those with behavioral health and developmental needs.

Blue’s NASCO Updates: 1.6 Million Records Exposed by MOVEit

NASCO provides various healthcare solutions to serve Blue Cross and Blue Shield members. They offer a comprehensive portfolio of services and use industry insights to project the needs of their 20 million clients.

Weekly Cybersecurity Recap January 12

This week's featured cyber incidents included a combined 2.3 million, although one event remains under investigation. The week began with an update from the Edmonds School District regarding their January 2023 breach, which exposed 145,844 individuals.

Cooper Aerobics Network Targeted by Cyber Incident, 90k Exposures

Cooper Aerobics is a health and lifestyle entity concerned with providing comprehensive wellness solutions. As a business organization, their brand includes The Cooper Institute, a Clinic, a Fitness Center, a Spa, a Vitamin line, Wellness Strategies, and a Hotel.

Medical Services Targeted: Half a Million Records Stolen in May 2023 Cyber Event

Electrostim Medical Services Inc. (EMSI) is a healthcare servicer in Tampa, Florida. They create and disperse home electrical stimulation devices, brace accessories, pain management solutions, and physical rehabilitation tools.

Another Mortgage Lender Embattled; LoanDepot Faces Disruptions

LoanDepot is one of the nation's most widespread nonbank mortgage lenders, offering financial solutions and opportunities to homeowners.

School District Updates on Event: Victim Number Continues to Rise

Edmonds School District (ESD) is in south Snohomish County, Washington. The district involves 35 schools, including Brier, Edmonds, Lynnwood, and Woodway institutions.

Half a Million Patients Exposed in North Kansas Hospital Vendor Breach

The North Kansas City Hospital (NKCH) is just north of the Missouri River in North Kansas City, Missouri. The hospital boasts a considerable campus with 450 beds and over 100 more physicians.

Weekly Cybersecurity Recap January 5

This week, 2024, started with destructive numbers. Transformative Healthcare was featured early on; their breach happened in February 2023 and may impact over 900k people, including patients and former FAS employees.

What is an EMV Chip Card, and How Does it Store Your Data?

For over a decade, the magnetic stripe was the authentication tool behind modern-day credit cards. Magnetic stripe technology was developed in the late 1960s, but it took time before widespread use.

Integris Health’s Breach—Oklahoma Patients Extorted, Jan. 5th Deadline

Integris Health is one of Oklahoma's largest medical networks; they operate hospitals, clinics, and urgent care from their 24 non-profit campuses.

Hundreds of Thousands of Records Stolen from Washington Cancer Center

Fred Hutchinson Cancer Center (FHCC) is a three-location care network that delivers solutions for cancer patients. They are an independent organization that provides experience for the University of Washington's Medicine programs.

Boston-Based Community College, Bunker Hill, Updates on 2023 Ransomware Event

Bunker Hill Community College (BHCC) serves a population of about 13,000 across two campuses and dispersed locations. BHCC offers over 100 degrees, including arts, sciences, business, health, law, and STEM opportunities.

The First Breach of 2024: Transformative Healthcare; Data Stolen from +900k Victims

Our first breach report of 2024 concerns Boston's retired Fallon Ambulance Service (FAS).

Paramount Parent Company, National Amusements, Announces Data Breach a Year Later

National Amusements (NA) is in Norwood, Massachusetts. They are the majority shareholder for media sources, including CBS, Viacom, and Paramount.

Weekly Cybersecurity Recap December 29

This week caps off our year of cyber breaches; in this week alone, we saw millions of records stolen, targeted health providers, mortgage servicers crumble, and the return of a year-old breach.

Fidelity’s LoanCare Announces 1.3 Million Borrowers’ Records Exfiltrated

LoanCare is a sub-servicing entity that assists mortgage loan providers with finance and data functions; they service over 1.5 million customers across the states and beyond.

112k Records Stolen from Population Health Analytics Platform, HealthEC

HealthEC (HEC) is an analytics and AI-assisted solution that siphons all relative information about patients into cohesive packages.

Welltok’s MOVEit Breach Continues; Another 2 Million Records Harvested

Welltok provides a multi-use platform allowing institutions and individuals to manage their health and well-being. It is a third-party solution that caters to clinics, health networks, industry leaders, and private clinics.

Ransomware Criminals Steal 2.7 Million Records from Emergency Software

ESO Solutions is a primary software developer and analytics platform for emergency and associated services; its programs connect emergency response agencies, fire departments, hospitals, and state response offices.

Xfinity Writhes; 36 Million Records Breached via Vendor Vulnerability

Xfinity is the name of Comcast Communications' internet, TV, and phone service; it is the most significant cabled internet service in the states, with more than 32 million residential customers.

Weekly Cybersecurity Recap December 22

This week was devastating for data breaches. Across the US, cybercriminals stole the information of 58.4 million consumers, patients, and students.

Exploring the Pros and Cons of Purchasing Cryptocurrency with PayPal Wallet

The explosive growth of cryptocurrencies was nothing short of extraordinary. Even the most doubtful among us couldn't help but put a few dollars in to see what would happen.

Best Practices to Prevent E-commerce Fraud

Roughly 20 percent of all retail sales occur online. This statistic may sound lukewarm now, but e-commerce is rapidly becoming the lion's share of global transactions.

Embezzlement: Definitions and the Anatomy of Financial Fraud

Embezzlement is an internal crime that someone commits against their organization. The perpetrator's inside knowledge helps them avoid detection and clean up the evidence.

MOVEit Claims 7 Million More; Patients of Delta Dental of California and Others

Delta Dental of California (DDC), Delta Dental Insurance Company, Delta Dental of Pennsylvania, and other subsidiaries may have exposed data; the compromised data is not a product of the organizations.

New Details Provided for 270k Records Leaked in National Student Clearinghouse MOVEit Event

The National Student Clearinghouse (NSC) is a provider of comprehensive skill sets; they work to better prepare students for success through grade school and during the transition into the workforce.

14.7 Million Homeowners Exposed in Nationstar Mortgage/Mr. Cooper Event

We reported on Mr. Cooper—one of the nation's largest mortgage providers—a month ago. Mr. Cooper was featured as they dealt with the throes of a cybersecurity event.

Welltok’s MOVEit Breach Returns; Data Stolen from 17 West Virginia Hospitals

The West Virginia University Health System (WVUHS) contains multiple institution locations, hospitals, and clinics. Welltok is a communications platform that allows patients and physicians to speak while encouraging healthy lifestyles.

Cybercriminals Target the Heart of Arizona; 484k Records Stolen from Cardiovascular Group

In the Valley of the Sun, Cardiovascular Consultants Ltd. (CVC) provides clinical, surgical, and consultation services; the Phoenix-based cardio group serves 11 of the region's hospitals—offering a range of assistance for patients and physicians.

Weekly Cybersecurity Recap December 15

This week, cybercriminals again targeted US medical records and patient identities. The attacks started with a 2.5 million record breach from Kentucky's Norton Healthcare circuit, including data from pediatric patients.

Assailants Attack Illinois Medical Center; 147k Patient Records Stolen

Southern Illinois Healthcare oversees the operations of Harrisburg Medical Center (HMC), a not-for-profit community hospital with over 70 beds and 140 physicians.

Oregon Healthcare Provider Suffers Employee Email Data Breach

In Oregon, the Neuromusculoskeletal Center of the Cascades and Cascade Surgicenter collectively are "The Center." The professionals that work there are highly trained doctors from many fields, including physiatry, occupational medicine, neurosurgical, and orthopedic care.

Anheuser-Busch Distributor, Ben E. Keith, Network Breach Update


Ransomware Hits Kentucky Healthcare Network, Exposing Data of 2.5 Million

Norton Healthcare consists of over 430 locations between Kentucky and Indiana. The clinics meet over two million a year, including adult and pediatric patients.

Experts Urge Complete Cybersecurity Defense—2.6 Billion Records Exposed by Cyberattacks in 2 Years

Cybersecurity breaches are at epidemic proportions; in the last two years, cybercriminals have stolen over 2.6 billion consumer records from thousands of organizations.

Weekly Cybersecurity Recap December 8

This week's data breaches contained significant impact figures from around the world. Malware on a vendor's computer inadvertently breached Japan's Line Messenger.

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

The number of victims caused by the global MOVEit data breach continues to climb; Welltok has announced more exposures, this time from three more health organizations.

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group


New York Healthcare Provider Notified 600k Following Network Cyberattack

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County.  ERMI is a "multi-modality radiology center," including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays.

Japan’s Line Messenger Embattled; 440,000 at Risk for Exposure

Line Messenger is a communication app that allows users to communicate for free by sending messages and making voice calls. Japan's mega-corporation, LY Corp.

Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack

In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer's dream; they offer low-priced goods for families in 8,200 locations nationwide.

Weekly Cybersecurity Recap December 1

This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International.

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment (CE) oversees 58 gaming properties across the continental states. Their locations include world destinations, nightlife activities, a comprehensive concierge, and an industry-leading approach to draw millions of gamblers weekly.

1.9 Million Records Stolen from Human Resource Analytics Company Zeroed-In

Zeroed-In Technologies offers curated human resource solutions and analytics to organizations. Among those who use their services are the City of Detroit, Dollar Tree, Family Dollar, and the U.S. Department of Defense.

Hackers Breach North Carolina’s RHCC; Over 60,000 Patients Suffer Data Loss

Robeson Health Care Corporation (RHCC) is a healthcare network serving North Carolina residents. They offer behavioral, dental, general, and outreach services in nine locations across six counties.

Welltok’s MOVEit Breach Returns, Another 426k Records Exposed

Welltok operates an online wellness program various organizations use to encourage healthy lifestyles. They've been in our news frequently as the global MOVEit breach continues.

Weekly Cybersecurity Recap November 24

This week, the cybersecurity environment continued to be rocked by the global MOVEit data breach. Various Stanford Health groups had information taken in the MOVEit event, up to 1.6 million patient records.

Work Management Company NSC Tech, Suffers 50k Employee Record Breach

NSC Technologies is a workforce management solution pairing perfect prospective candidates with companies desiring long-term employees.

Delaware Life Insurance MOVEit Breach Exposes Producer and Client Data

Group 1001 is the parent company of Delaware Life, a long-term financial consultant for organizations. Delaware Life uses a third-party vendor, Pension Benefit Information (PBI), for analysis and research services.

MOVEit Vulnerability Victimizes AutoZone, 185k Records Stolen

AutoZone is a vehicle parts replacement provider and servicer. Hosting over 5,300 stores across North America alone, AutoZone is a recognizably local option for car owners stateside.

Finance Solutions Provider Systems East Suffers 200k+ Data Breach

Based in Central New York, Systems East, Inc., is a finance, billing, and payment solution for commercial software products.

Stanford Health Network Announces MOVEit Breach

Stanford Health Care Alliance encompasses children's hospitals, care plans, medicine partners, scholars, and the Stanford University faculty.

Weekly Cybersecurity Recap November 17

Breaches were rampant this week, impacting as many as 15 million individuals. The State of Maine announced that it bled 1.3 million resident records due to the global MOVEit vulnerability.

Department of Health Confirms Nearly 9 Million Patients Exposed by PJ&A

Perry Johnson & Associates (PJ&A) is a medical transcription service assisting providers like Cook County Health and Northwell Health.

TruePill Data Breach Exposes 2.3 Million Patients, Class Action Begins

Digital startup PostMeds Inc., operating as TruePill, is an online pharmacy service based in California. The company allows patients to compare copay pricing, get status notifications on pill orders, and request refills.

Identity Theft Reporting Guide: Key Steps to Protect Your Identity

Identity theft is a real and distressing crime that's becoming a greater risk as more sensitive data moves to online locations.

What is ETL: Full Guide to Extraction, Transformation, and Loading

Everyone's heard some form of the age-old adage, "Information is power." Today, managing data is what gives organizations huge advantages over their competitors.

BlackCat’s McLaren Health Care Data Breach Exposes 2.2 Million Patients

McLaren Health Care is a network of 13 hospitals and three clinics serving the residents of north and central Michigan. They care for more than 732k lives by providing various services and network solutions, including a national cancer institute.

City of Huber Heights Targeted by Ransomware Attack Sunday

The City of Huber Heights is in east Ohio, north of Dayton. The suburban area has a population of around 50,000, but other populated areas are nearby.

Featured Articles

How to buy a house with bad credit.

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

What is the Dark Web: Things You Need To Know Before Accessing The Dark Web

The dark web, also known as the "darknet", is a portion of the internet that lies outside the boundaries of traditional search engines.

Secure Wi-Fi and Wireless Technology Security Tips

Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, steal your identity, and grab your personal details.

Adult Friend Finder Hacked, 412 Million Accounts Exposed

Six databases that were owned by Friend Finder Networks, Inc. suffered a massive data breach in 2016, which cost 412 million users their accounts.

How to Erase Yourself from the Internet

In this highly digital age, it is near impossible to erase all information online about yourself, but you can do a lot to remove online information and minimize your risk of identity theft or worse. 

Credit Freeze vs. Lock: What’s the Difference?

With all our technology and connectedness comes a price, vulnerability. Now more than ever before, our credit and identities are at risk from cybercriminals, thieves, and hackers.

SEC, FTC Investigate Heartland After Data Theft

Following a data breach, Heartland Payment Systems is being investigated by the FTC and the SEC.

Federal agencies, including the U.S. Federal Trade Commission and the U.S. Securities and Exchange Commission, have begun investigating Heartland Payment Systems following a massive data breach at the payment processing company.

Company President and Chief Financial Officer Robert Baldwin Jr. disclosed the investigations during Heartland’s quarterly conference call with investigators Tuesday, saying that the SEC had launched an informal inquiry into the company and that there is also a related investigation by the Department of Justice. The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), which regulates national banks and their service providers, has launched an inquiry, as has the FTC, he said.

Heartland has also been hit with a class-action lawsuit relating to the breach, which was publicly disclosed on Jan. 20. “We may, in the future, be subjected to other governmental inquiries and investigations,” Baldwin said during the call. “We intend to vigorously defend any claims asserted against us.”

Hackers were able to break into Heartland’s systems and collect unencrypted data on payment card transactions that the company processed on behalf of its merchant clients. Merchants at about 250,000 locations, including retail stores, gas stations and hotels, use Heartland’s services. Heartland does not know how long the hackers were able to steal credit card information or how many cards were affected.

In recent months at least three credit-card processing companies, including Heartland, have been the victims of sophisticated criminal attacks resulting in millions of compromised payment cards. One of the other card processors, RBS WorldPay, lost data on 1.5 million customers. A third hack, at an unnamed payment processor, was disclosed last week.

The Treasury’s OCC may be taking an interest in the breach because it could be part of a larger problem for the banking industry, said Avivah Litan, an analyst with Gartner Research. “I think that the criminal gang that targeted Heartland is targeting multiple payment processors and it’s a serious threat to the integrity of the payment systems,” she said.

Reached Wednesday, a Heartland spokesman could not say why the SEC was investigating the company.

However, the investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland’s stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.

During the conference call, Carr said that his trades were part of a 10b5-1 plan initiated in August — months before Heartland knew of any problems — to pay off his personal debt, and that he stopped selling shares as soon as the company discovered malicious software on its systems on the night of Jan. 12. “I had no discretion regarding the terms or timing of the sales,” he said.

Carr sold just over 900,000 of his 5.8 million shares before pulling the plug on the 10b5-1 plan in January, Heartland said.

It is not unusual for the FTC to investigate data breaches and use its authority to seek penalties or consumer restitution following data breaches. ChoicePoint reached a $15 million FTC settlement in 2006 after identity thieves gained access to 163,000 consumer records in the company’s database.

David Shettler, chief technology officer with the volunteer-run Open Security Foundation, said that government investigations will help Heartland’s customers and business partners understand what is going on. “There are a lot of unanswered questions,” he said. “Bankers around the country are getting frustrated because they’re having to incur the costs of reissuing these cards, and they’re not getting a lot of information.”

“The bankers are bearing the brunt of this in a time and an economy where the banks aren’t doing so great,” Shettler said.

In 2007, the Massachusetts Bankers Association sued retailer The TJX Group, seeking tens of millions of dollars in compensation for banks that were forced to reissue credit cards after hackers stole credit card information from the U.S. retailer. That suit was settled after Visa and TJX set up a $40.9 million fund to compensate banks.

Heartland Payment Systems, Forcht Bank Discover Data Breaches


About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Millions of customers' data found on dark web in latest AT&T data breach

Chloe Veltman

An AT&T store in New York. The telecommunications company said Saturday that a data breach has compromised the information tied to 7.6 million current customers. Richard Drew/AP

AT&T announced on Saturday it is investigating a data breach involving the personal information of more than 70 million current and former customers leaked on the dark web.

According to information about the breach on the company's website, 7.6 million current account holders and 65.4 million former account holders have been impacted. An AT&T press release said the breach occurred about two weeks ago, and that the incident has not yet had a "material impact" on its operations.

AT&T said the information included in the compromised data set varies from person to person. It could include social security numbers, full names, email and mailing addresses, phone numbers, and dates of birth, as well as AT&T account numbers and passcodes.

The company has so far not identified the source of the leak, at least publicly.

"Based on our preliminary analysis, the data set appears to be from 2019 or earlier," the company said. "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in theft of the data set."

The company said it is "reaching out to all 7.6 million impacted customers and have reset their passcodes," via email or letter, and that it plans to communicate with both current and former account holders with compromised sensitive personal information. It said it plans to offer "complimentary identity theft and credit monitoring services" to those affected by the breach.

External cybersecurity experts have been brought in to help investigate, it added.

NPR reached out to a few AT&T stores. The sales representatives in all cases said they were as yet unaware of the breach.

On its website, the telecommunications company encouraged customers to closely monitor their account activity and credit reports.

"Consumers impacted should prioritize changing passwords, monitor other accounts and consider freezing their credit with the three credit bureaus since social security numbers were exposed," Carmen Balber, executive director of the consumer advocacy group Consumer Watchdog, told NPR.

An industry rife with data leaks

AT&T has experienced multiple data breaches over the years.

In March 2023, for instance, the company notified 9 million wireless customers that their customer information had been accessed in a breach of a third-party marketing vendor.

In August 2021 — in an incident AT&T said is not connected to the latest breach — a hacking group claimed it was selling data relating to more than 70 million AT&T customers. At the time, AT&T disputed the source of the data. It was re-leaked online earlier this month. According to a Mar. 22 TechCrunch article, a new analysis of the leaked dataset points to the AT&T customer data being authentic. "Some AT&T customers have confirmed their leaked customer data is accurate," TechCrunch reported. "But AT&T still hasn't said how its customers' data spilled online."

AT&T is by no means the only U.S. telecommunications provider with a history of compromised customer data. The issue is rife across the industry. A 2023 data breach affected 37 million T-Mobile customers. Just last month, a data leak at Verizon impacted more than 63,000 people, the majority of them Verizon employees.

A 2023 report from cyber intelligence firm Cyble said that U.S. telecommunications companies are a lucrative target for hackers. The study attributed the majority of recent data breaches to third-party vendors. "These third-party breaches can lead to a larger scale supply-chain attacks and a greater number of impacted users and entities globally," the report said.

Government rules adapt

Meanwhile, last December, the Federal Communications Commission (FCC) updated its 16-year-old data breach notification rules to ensure that telecommunications providers adequately safeguard sensitive customer information. According to a press release, the rules aim to "hold phone companies accountable for protecting sensitive customer information, while enabling customers to protect themselves in the event that their data is compromised."

"What makes no sense is leaving our policies stuck in the analog era," said FCC Chairwoman Jessica Rosenworcel in a statement regarding the changes. "Our phones now know so much about where we go and who we are, we need rules on the books that make sure carriers keep our information safe and cybersecure."

Indian audio giant boAt says it’s investigating suspected customer data breach

India’s largest audio and wearables brand boAt is investigating a possible data breach after hackers advertised a cache of alleged customer data online.

A sample of alleged customer data was uploaded on a known cybercrime forum, which includes full names, phone numbers, email addresses, mailing addresses and order numbers. A portion of the data that TechCrunch reviewed appears genuine based on checks against exposed phone numbers.

The hacker said the breach happened in March, which led to the compromise of the data of more than 7.5 million customers.

In a statement emailed to TechCrunch, boAt said it was investigating the matter but did not disclose specifics.

“boAt is aware of recent claims regarding a potential data leak involving customer information. We take these claims seriously and have immediately launched a comprehensive investigation. At boAt, safeguarding customer data is our top priority,” the company said.

The leaked data includes references to Shopify. Indian outlet Athenil reported that the alleged hackers claimed the data was obtained by using credentials stolen from boAt’s systems.

boAt, which counts Warburg Pincus and South Lake Investment among its key investors, leads the market of wireless earbuds in India with nearly 34% share, according to data provided by IDC. boAt also dominates India’s wearables market, boasting some 26% of the market share.

In 2022, boAt, which was valued at $300 million in its Series B round of $100 million in 2021, filed for its IPO to raise up to $266 million. The brand, however, postponed its public listing plans after seeing a slowdown in the public market.

COMMENTS

  2. A Famous Data Security Breach & PCI Case Study: Four Years Later

    Heartland Payment Systems (HPS) became famous in January 2009 for something it didn't want to be famous for: it was the victim of one of the largest data security breaches in U.S. history, with tens of millions of cardholder records possibly lost - the actual number has never been determined. The malware that surreptitiously stole and stored the account numbers was active for an estimated four ...

  3. PDF Heartland Payment Systems: Lessons Learned from a Data Breach

    The center invited the chairman and CEO of Heartland Payment Systems (Heartland), Robert (Bob) Carr, to lead this discussion and to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event. The former director of the Payment.

  4. Lessons from the Heartland Payment Systems data breach, redux

    On June 2, 2015, Heartland Payment Systems disclosed another data breach in which thieves broke into an office that processes payroll and made off with 11 desktops. The lesson here is, while ...

  5. Lessons from the 2008 Heartland Data Breach

    Here are a few lessons we can all learn from the attack. Be transparent. Even though Heartland discovered the breach in late 2008, one of its early priorities was disclosing the breach to the public in the right way. It waited until authorities had finished their initial assessment. The announcement fell on President Barack Obama's ...

  6. Heartland Breach: Inside Look at the Plaintiffs' Case

    For the first quarter 2009, Heartland took a $12.6 million charge related to "expenses and accruals attributable" to the data breach, including the fines assessed on Heartland's sponsor banks.

  7. Heartland: 'Largest Data Breach Ever'

    Heartland Payment Systems, the Princeton, N.J.-based provider of credit and debit processing, payment and check management services, Tuesday disclosed it has been the victim of a data breach ...

  8. (PDF) Heartland Data Breach Analysis

    Abstract and Figures. Around 2008 a US company called Heartland suffered a massive data breach, which turned out to be the biggest leak of cardholder data until that time. This report briefly ...

  9. Heartland Payment Systems

    But if that was the US-based payment processing firm's intention, it failed. Within days of the announcement, Heartland's share price fell by 50% and continued its sharp descent into early March 2009, losing 78% of its pre-breach value at its lowest ebb. Even when sensitive data are not stolen, a data breach can have an impact on share ...

  10. 3 Lessons From Heartland Breach The Second Time Around

    Coming six years after the company's record-setting breach of over 100 million debit and credit cards, this latest incident is suspected by Heartland to have exposed the PII of just 2,200 people ...

  11. Heartland Payment Systems: Lessons Learned from a Data Breach

    There have been large-scale data breaches in recent times. In late 2008, Heartland Payment Systems, a New Jersey-based company, reported the largest data breach, in which 130 million records of ...

  12. Heartland Payment Systems Data Breach

    The breach had significant repercussions, highlighti... In this real-world case study, we delve into the infamous Heartland Payment Systems Data Breach of 2008.

  13. Credit Card Processor Says Some Data Was Stolen

    By Eric Dash and Brad Stone. Jan. 20, 2009. Heartland Payment Systems, a major payment processing company, disclosed a data breach on Monday that potentially exposed tens of millions of credit and ...

  14. Inside the TJX/Heartland Investigations

    With the recent sentencing of the last of Albert Gonzalez' co-conspirators in the TJX and Heartland data breaches, a long, hard criminal investigation comes to a close. In an ...

  15. Heartland Payment Systems: A Case Study in Unethical Behavior

    data. The stolen data resulted in an estimated $300 million in damages (Vaas, 2018). The Heartland Payment Systems breach is usually seen as a systemic failure on the part of regulating companies and taught in law school as an example case about the fallout of the breach (Sharkey, 2017), (Marcus, 2018).

  16. Heartland, MasterCard settle over data breach

    Heartland Payment Systems has made a third settlement deal, this time with MasterCard, related to a massive data breach two years ago at the card payments processor. As part of the deal, Heartland ...

  17. Russian Hackers Sentenced in Heartland Payment Systems Breach Case

    February 16, 2018. It's been 10 years since the historic and widespread payment card data breaches at Heartland Payment Systems, NASDAQ, and other major US companies, and this week two ...

  18. Albert Gonzalez Pleads Guilty in Heartland, 7-11 Breaches

    Florida computer hacker Albert Gonzalez pleaded guilty to conspiracy charges Tuesday for intrusions into Heartland Payment Systems, Hannaford Brothers supermarket chain, 7-Eleven and two ...

  19. Payment Processor Heartland Reveals Massive Data Breach

    Visa and MasterCard first alerted the Princeton, N.J.-based company after noticing suspicious activity involving processed card transactions, Heartland said. Heartland Payment Systems offers ...

  20. Heartland Payment Systems Breach & Consequences

    Much like the story of the Titanic, the Heartland payment systems breach teaches us that you can never be too confident. Back in 2008/2009, Heartland Payment Systems suffered a massive data breach at the hands of two Russian hackers who installed malware on their systems and exploited SQL vulnerabilities. They made off with 100 million debit and credit card numbers.

  21. SEC, FTC Investigate Heartland After Data Theft

    Carr sold just over 900,000 of his 5.8 million shares before pulling the plug on the 10b5-1 plan in January, Heartland said. It is not unusual for the FTC to investigate data breaches and use its ...

  22. PDF Heartland Payment Systems

    The Hard Cost of Data Breaches According to the Mercator Advisory Group, as hackers continue to breach payment networks, the average cost per data breach now exceeds $6.65 million per year. Heartland acted quickly and decisively to reassure merchants and consumers the company was a trusted provider of payment card transaction processing.

  23. Heartland Payment Systems Breach

    January 22, 2009. You may have heard about the recent large data breach with Heartland Payment Systems in which hackers planted malware to specifically capture TRACK 2 information along with credit card data; subsequently using it in a fraudulent manner, later discovering that the breach had been present.

  24. Heartland Payment Systems Discovers Data Breach

    Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced Monday that its processing systems were breached in 2008, exposing an undetermined number of ...
