Gartner Blog Network


New credit card data breach revealed

by Avivah Litan  |  March 30, 2012  |  140 Comments

Just when we thought the big credit card data breaches were over, at least for a while (with Alberto Gonzalez put away after his scams at TJX, Heartland Payments and others), along comes a new one, reported today on KrebsOnSecurity.com.

Visa and MasterCard have already issued warnings on this. I’ve spoken with folks in the card business who are seeing signs of this breach mushroom. Looks like the hackers have started using the stolen card data more recently. From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card, be sure to check your card statements for possible fraud.

One interesting twist again sheds light on the fact that knowledge-based authentication should not be relied upon. I heard (and this may not be factual) that the crime was perpetrated by a Central American gang that broke into the company’s system by answering the application’s knowledge-based authentication questions correctly. Looks like the hackers took over an administrative account that was not protected sufficiently.

Isn’t that usually the case? So if that’s indeed what happened, we can expect the PCI assessors to say NO to KBA on administrative accounts. They need to say NO to many different types of authentication which are being successfully bypassed by determined crooks. See our research on “The Five Layers of Fraud Prevention” and “When Strong Authentication Fails and What You Can Do About It.”

A layered approach is always best, since you have to assume the bad guys will get through one or two or even three layers.

In the meantime, I’m not sure what’s holding up public disclosure of this breach, but expect it to come soon.

Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…


Thoughts on New credit card data breach revealed


  1. […] “I’ve spoken with folks in the card business who are seeing signs of this breach mushroom,” Gartner security analyst Avivah Litan wrote Friday in a blog post. […]

  2. […] though improved credit cards themselves would vastly boost security. Gartner confidence researcher Avivah Litan told CNN/MONEY that she is “skeptical about either a credit card attention will deposit a income […]

  3. […] of unverified reports that a New York City street gang with Central American ties took control of “an administrative account that was not protected sufficiently”. Hopefully a little more light will be shed over the following days as to the nature of the breach […]

  4. […] but better credit cards themselves would vastly increase security. Gartner security analyst Avivah Litan told CNN/MONEY that she is “skeptical about whether the credit card industry will invest the […]

  6. […] analyst Avivah Litan said she believed the breach was related to a taxi garage in New York […]

  7. […] The Global Payments attack is said to have taken place as early as the beginning of March. The American Avivah Litan assumes in her blog that a New York taxi company is apparently involved in the case: Anyone who in the last few months […]

  8. […] “I’ve oral with folks in a label business who are observant signs of this crack mushroom,” Gartner confidence researcher Avivah Litan wrote Friday in a blog post. […]

  9. John says:

    We offer a software solution that automatically blocks the affected cards once the Visa/Mastercard scheme has alerted the Banks/Credit Unions of the compromised cards. It can stop and reissue over 20,000 card accounts a day – which in a large compromise situation like this is invaluable. Please forgive the blatant push for our software, but it does what it says and could save Credit Card companies millions in protecting potential compromised cards immediately. One German bank that uses it has saved countless money. http://freshvue.co.uk/cap.php
    Please get in touch for a frank discussion on how we can help.
    John

  10. […] 12:54 p.m. ET: Gartner fraud analyst Avivah Litan adds a bit more perspective to this story, saying the people she is talking to with knowledge of the situation say they are […]

  12. […] that may be at risk. Avivah Litan, an analyst for Gartner who follows the credit card industry, has issued a report that says her sources “are seeing signs of this breach […]

  13. […] analyst Avivah Litan said she believed the breach was related to a taxi garage in New York City. […]

  15. […] of unverified reports that a New York City street gang with Central American ties took control of "an administrative account that was not protected sufficiently". Hopefully a little more light will be shed over the following days as to the nature of the breach […]

  16. […] though improved credit cards themselves would vastly boost security. Gartner confidence researcher Avivah Litan told CNN/MONEY that she is “skeptical about either a credit label attention will deposit a income […]

  17. […] There is also unofficial information that the leak could potentially affect up to 10 million cards; sources at financial institutions that received information from VISA and MasterCard call the leak “very large”. […]

  20. […] “From what I hear, the breach involves a taxi and parking garage company in the New York City area, so if you’ve paid a NYC cab in the last few months with your credit or debit card — be sure to check your card statements for possible fraud,” Litan said in her blog post on the topic. […]

  22. […] “I’ve oral with folks in a label commercial operation who have been observant signs of this crack mushroom,” Gartner confidence researcher Avivah Litan wrote Friday in a blog post. […]

  23. […] “From what we hear, a crack involves a cab and parking garage organisation in a New York City area, so if you’ve paid a NYC cab in a final few months with your credit or withdraw label — be certain to check your label statements for probable fraud,” Litan pronounced in her blog post on a topic. […]

  24. […] the merchant and the processor; the former being a New York City taxi and parking garage company, according to Gartner analyst Avivah Litan. Global Payments apparently first identified the potential breach in early March, and the problem […]

  26. […] New credit card data breach revealed […]

  31. […] How much data is at risk? Millions, in line with the 2009 cyber attack on Heartland Payment Systems, when 130 million accounts were compromised. “A Central American gang got into the system by correctly answering the application’s authentication questions. This means the account was not sufficiently protected,” according to Gartner. […]

  32. […] How did this major breach occur? It looks like hackers may have gotten into the system by correctly answering knowledge-based authentication questions to gain access to an administrative account, according to Gartner analyst Avivah Litan. […]

  33. […] New Credit Card Data breach Revealed. http://blogs.gartner.com/avivah-litan/2012/03/30/new-credit-card-data-breach-revealed/ (accessed March 31, 2012) […]

  34. […] the former being a New York City taxi and parking garage companionship, according to Gartner analyst Avivah Litan. Global Payments rumor has it that first identified the potential breach […]

  35. […] a businessman and a processor; a former being a New York City cab and parking garage company, according to Gartner researcher Avivah Litan. Global Payments apparently initial identified a intensity crack in early March, and a problem had […]

  37. […] “I’ve spoken with folks in the card business who are seeing signs of this breach mushroom,” Gartner analyst Avivah Litan wrote Friday in a blog post. […]



Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.