Concerns Over Ways Online Identity Theft Breaches Can Occur
Concerns Over New Ways Online Identity Theft Can Occur
An online travel reservation site used by government employees remains shutdown after being targeted by hackers in an identity theft breach.
Various news outlets are reporting that on or around February 11th, users of GovTrip.com were redirected to a malicious site.
GovTrip.com is used by federal agencies including the EPA, departments of Energy, Health and Human Services, and the Treasury to make travel reservations and to facilitate travel expense reimbursement.
The Washington Post quotes GSA spokesman Robert Lesino as saying, "No personal data was known to be compromised. The incident was quickly identified and a US CERT [alert] was issued."
"GSA, the vendor, and customer agency IT specialists are moving swiftly to identify short-term and long-term measures to find the source of the incident and to prevent such an incident from recurring," continues Lesino.
Protecting personally identifiable details in a web-based age requires ongoing vigilance.
In the event of a data breach where personal information is compromised, credit monitoring or activating a credit alert are options that may help consumers remain aware of credit file activity.
"Malicious Software" Blamed for Identity Theft Breach
Heartland Payment Systems announced January 20, 2009 that it incurred an identity theft security breach at some point in 2008.
Visa and MasterCard initially alerted Heartland to suspicious data and following inspection by forensic auditors, the company notified federal law enforcement officials to the evidence of "malicious identity theft software" within its systems.
Heartland provides credit card processing, payroll, check management and payments solutions to more than 250,000 businesses.
"The transactional data crossing our platform, in terms of magnitude... is about 100 million transactions a month," said Robert Baldwin, Heartland's president and chief financial officer. "At this point, though, we don't know the magnitude of what was grabbed."
Confidential information such as social security numbers and PIN numbers were not compromised, the company says. However the digital information that was garnered during the identity theft breach can be used to fashion counterfeit cards, warns Brian Krebs of the Washington Post.
Given the magnitude of data processed by Heartland, this may be the largest data breach ever reported.
Previously, the largest identity theft breach was in 2007 when TJX, owner of retail stores TJ Maxx and Marshalls, reported over 45 million credit and debit card numbers stolen.
