Security research, news and guidance

Heartland data breach, it's a big one!

August 18, 2009  |  Written by admin  |   Application Security, Data Loss, PCI DSS


I was in the middle of writing up a blog post pulling together information about the Heartland data breach, after reading earlier that three people have been indicted for the Heartland hack, when I came across Rich Mogull’s excellent blog post. No point in me re-inventing the wheel after he had done such a great job!

Some of the current highlights from the breach information are:

The hacker behind the Heartland breach is the same guy who hacked TJX, Hannaford and 7-Eleven

130 million credit card numbers have been stolen

SQL Injection appears to be the vulnerability that has been exploited

As I have said many times, you have to stop these web application vulnerabilities, otherwise you will get exploited! The Secure Development Principles would have prevented this exploit if the vulnerable application had been built following the guidance I outline in the principles.

Invest in security, build security in and constantly strive to improve your security development and testing processes or you will eventually get caught out.


This entry was posted on August 18, 2009 at 4:53 am and is filed under Application Security, Data Loss, PCI DSS.
