

First arrests in Heartland Data breach - Tangurena
http://www.bankinfosecurity.com/articles.php?art_id=1210

======
Tangurena
Why is this important:

Trojans/spyware was installed _inside_ the datacenter where this information
was being processed. Heartland processes about 100,000,000 credit card
transactions per month. They're being quite tight-lipped about how long the
trojanware had been active inside their "secure zone."

Heartland thought that they could release the news _during_ Obama's
inauguration and that no one would notice. Heh.

Here's a list of banks that admit being affected:

[http://www.bankinfosecurity.com/articles.php?art_id=1200&...](http://www.bankinfosecurity.com/articles.php?art_id=1200&opg=1)

Some industry comments:
[http://www.bankinfosecurity.com/articles.php?art_id=1212&...](http://www.bankinfosecurity.com/articles.php?art_id=1212&opg=1)

While PCI-DSS is wild overkill for most of the folks here, it does give an
idea of what sort of security measures that a business handling money needs to
do. And as you move towards profitability and sale, meeting or exceeding the
data security standards will become important.

[https://www.pcisecuritystandards.org/security_standards/pci_...](https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html)

