US police have made the first arrests following a 2008 data
breach at Heartland Payment Systems.
Leon County police in Florida said three people had been
arrested for using credit card numbers stolen in the computer
hijacking of Heartland's transaction systems.
The credit card numbers were used to make fraudulent purchases
at local Wal-Mart stores totalling at least $100,000 in actual and
declined transactions.
Leon County police said the investigation will continue and is
likely to produce additional charges and arrests.
More than 220 financial institutions have been affected by the
Heartland data breach, according to a growing list being compiled by
BankInfoSecurity.com.
Heartland, which faces class action lawsuits for failing to
protect customers from identity fraud, has announced a dedicated
department to encrypt data on its systems.
Cybercriminals were able to gain access to Heartland's systems
even though the company was compliant with the Payment Card
Industry Data Security Standard (PCI DSS).
The PCI DSS does not currently require that credit card data be
encrypted on internal networks, a measure Heartland says it will
now implement.
The first Heartland-related arrests come a week after a data
breach at US-based RBS WorldPay was linked to a gang that used
cloned debit cards to steal millions of dollars.
The FBI has released images of thieves believed to be part of a
gang that took money from ATMs in 49 cities around the world using
cloned debit cards in late November.
The thefts stemmed from a data breach at RBS WorldPay in early
November, in which hackers stole the personal data of 1.5 million
card holders.