Gadgetell | Tech News, Reviews, and Interesting Things

Three men have been indicted in what federal authorities are calling the largest identity theft case ever prosecuted.  The three men are accused of hacking into the files of Heartland Payment Systems between October 2006 and May 2008.  Heartland processes debit and credit card payment for over a quarter of a million businesses.  Some of the breaches occurred at 7-Eleven and Hannaford Brothers and at least 650 financial institutions were affected.

One of the men, a 28 year old Miami man, is a former Secret Service informant that was indicted last year for his roles in nearly a dozen other data breaches including ones at Barnes & Noble, BJ’s Wholesale, TJ Maxx, Boston Market, DSW, Forever 21, Office Max, and Sports Authority.  The other two men are said to be from Russia.  Together, the threesome stole data on over 130 million credit and debit cards and face 35 years in prison.

“This investigation marks the continued success of law enforcement in tracking down cutting-edge hacking schemes committed by hackers working together across the globe,” said Ralph J. Marra Jr., acting U.S. attorney for the district of New Jersey.

Ironically, the Miami man, Albert Gonzalez, served as a Secret Service informant in 2004 and is credited with helping “Operation Firewall” take down an online marketplace specializing in stolen data and leading to the arrest of 28 people.

The security breach has cost Heartland $32 million so far.  Have you been affected?  If you were, chances are you know already.  The breach was first discovered by Mastercard when they noticed a large amount of suspicious activity.  They then notified Heartland.  My bank, HSBC was one of the institutions affected.  Although my account was compromised, HSBC canceled my debit card and issued me a new one.  They did the same for all their customers and sent the new cards out with a letter explaining the situation.

Companies need to get tougher on security and eliminate the vulnerabilities that hackers keep seeking out and exploiting.  In the meantime how can you protect yourself?  There are a few steps you can take, such as never using generic ATMs, keeping an eye on your card when you use it in a store or restaurant, (this means watching as its swiped if you can-some thieves have skimmers hidden under counters and count on distracted customers to give them the chance to use it) and keeping a very close eye on your credit card and bank accounts so you’ll catch any fraudulent activity right away.

If fraudulent activity does show up, don’t panic.  Call your bank or credit card company right away.  You’re protected in most cases as long as you report it quickly, even if it is your debit card as long as it has the Mastercard or Visa logo on it.

Protection against data breaches starts with retailers and payment processors. They must have rigid and through security practices in place and make sure their employees at every level comply with them.  It’s clear what they are doing now simply isn’t working.

Read [WashingtonPost]