ATM heists linked to RBS WorldPay data breach

A data breach at US electronic transaction firm RBS WorldPay has been linked to a gang that used debit cards to steal millions of dollars from ATMs.

The FBI has released images of thieves believed to be part of a gang that took money from ATMs in 49 cities around the world using cloned debit cards in late November.

The thefts stemmed from a data breach at RBS WorldPay in which hackers stole the personal data of 1.5 million card holders, in early November, according to the Washington Post.

The thefts, which come within weeks of a data breach disclosure by Heartland Payment Systems, highlight the vulnerability of data processed by these firms.

Heartland, which is being sued for failing to protect customers from identity fraud, has announced a dedicated department to encrypt data on all its systems.


Despite being compliant with the Payment Card Industry Data Security Standard PCI DSS, cybercriminals were able to gain access to Heartland’s systems.

The PCI DSS does not currently require that credit card data be encrypted on internal networks, which Heartland says it will now implement.

Robert Carr, chief executive of Heartland, has defended the PCI DSS as a good standard, but said increasingly sophisticated attacks demand end-to-end encryption.

Encryption of data in motion between internal systems is the next logical step according to Carr, but he said constant monitoring will always be required.

Carr has called for greater information sharing in the payments industry to prevent cybercriminals from re-using techniques in multiple attacks.

via ATM heists linked to RBS WorldPay data breach | 6 Feb 2009 |