Trojans/spyware was installed inside the datacenter where this information was being processed. Heartland processes about 100,000,000 credit card transactions per month. They're being quite tight-lipped about how long the trojanware had been active inside their "secure zone."
Heartland thought that they could release the news during Obama's inauguration and that no one would notice. Heh.
Here's a list of banks that admit being affected:
http://www.bankinfosecurity.com/articles.php?art_id=1200&...
Some industry comments: http://www.bankinfosecurity.com/articles.php?art_id=1212&...
While PCI-DSS is wild overkill for most of the folks here, it does give an idea of what sort of security measures a business handling money needs to take. And as you move towards profitability and sale, meeting or exceeding the data security standards will become important.
https://www.pcisecuritystandards.org/security_standards/pci_...