

Indictment in Heartland hacking case - Tangurena
http://www.wired.com/images_blogs/threatlevel/2009/08/gonzalez.pdf

======
Tangurena
I find the 130,000,000 number that is being bandied about to be rather low for
what had been happening: Heartland processes about 100,000,000 transactions
per month.

The indictment stated that they broke in during December 2007. Heartland was
contacted by Visa Security in October 2008. This means that the hackers were
sniffing transactions inside the datacenter for 10 months. Since all
transactions inside their datacenter were in the clear, I suspect the number
actually acquired by the hackers is about 10x what the official news is
stating.

[http://www.storefrontbacktalk.com/securityfraud/heartland-
sn...](http://www.storefrontbacktalk.com/securityfraud/heartland-sniffer-hid-
in-unallocated-portion-of-disk/)

Maybe I'm getting too cynical in my old age, but Heartland released the news
of the attack _during_ Obama's inauguration, hoping it would get lost in the
noise.

Some more reading: [http://www.wired.com/threatlevel/2009/05/heartland-breach-
co...](http://www.wired.com/threatlevel/2009/05/heartland-breach-cost-
company-126-million-so-far)

[http://www.theregister.co.uk/2009/01/20/heartland_payment_br...](http://www.theregister.co.uk/2009/01/20/heartland_payment_breach/)

