Site icon Liquidmatrix Security Digest

Ripple Effect: Canadian Tire Reissuing 16,000 Cards

The Heartland ripple effect has begun. Canadian retailer, Canadian Tire, has begun to cancel and reissue 16,000 replacement Mastercards.

From The Star:

“What we started to do was…call the cardholders and actually share the information with them and then cancel their card, and re-issue them a secure card.”

Any card that was used in the U.S. during a specific period of time was deemed to be at risk, said Gibson, whose own personal card was affected.

Canadian Tire Financial Services manages the country’s second-largest MasterCard franchise, with more than five million accounts. The number of cards affected represents a very small percentage of the total number of cards issued by the retailer, Gibson said.

“Having said that, obviously we wanted to take it seriously, which is why we canceled the cards.”

Good job on Canadian Tire for doing what Heartland didn’t. Show some responsibility.

This passage makes me wonder,

Mastercard has refused to comment further, citing an ongoing investigation. Heartland president and chief financial officer Robert Baldwin said the company immediately notified U.S. law enforcement officials after learning of the breach.

This seems to be somewhat in question. The argument could be made that this breach was, at least at a cursory level, known a year ago.

Robert Baldwin was also quoted in the Washington Post as saying that,

…the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments.

and

Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. But Baldwin said it wasn’t until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company’s payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company’s retail clients.

The source was uncovered in January but, at what point did they know there was a breach?

The ripples continue.

Article Link

Exit mobile version