Encryption Blog

Compliance Doesn't Necessarily Mean You're Safe

Kevin Albright | 05 Nov 2012 | 0 comments

Kevin Albright - Product Marketing Manager

By now I’m sure you’ve heard about last week’s breach at Heartland Payment Systems. The number of total records compromised has not yet been released, but given California’s SB 1386 we should be hearing some sort of estimate soon. What is known is that Heartland has contacted 150,000 merchants that it processes payments for and it handles roughly 100 million credit card and debit card transactions per month. Given that this breach is suspected of starting in October 2008, the quick and dirty math should give you a rough estimate of how big this breach is…Huge! Already companies have been contacting customers, issuing new cards, and we are all put on alert to watch our credit card and debit card statements in the coming months.

The interesting thing about this breach is that Heartland was PCI compliant, and that the nature of this breach fell within the rules of the PCI-DSS v1.2...

Biting the Hand That Feeds

Doug McLean | 05 Nov 2012 | 0 comments

Damon Patrick Toey plead guilty Friday to his role in the TJX breach. The legal strategy being pursued by the prosecution here is pretty clear. Get one or more of the minor players to roll over by promising leniency if they testify against the "bigger fish". In this case the big fish is the purported ring leader, Albert Gonzalez.

We'll be able to tell just how much confidence the government has in its case based on the number of guilty pleas they'll extract from the co-conspirators before they take Gonzalez to trial. If they're highly confident that the body of evidence can get them a conviction, they'll probably only offer deals to one or two others and they'll take Gonzalez to trial rather quickly. If there are holes in the evidence, they'll negotiate with the other perpetrators to see who they can...

Encryption Blog

Links

About Encryption Blog

Filter by:

Blog Tags