February 19,2009
-
News: Contra Costa Community College, CA CVV Calamity.
It appears that this Bay Valley California community was hit pretty hard by the recent credit card breach at Heartland. Not only were PANs (credit card numbers), cardholder names and expiration dates compromised but, CVVs (card verification values) were stolen as well. CVVs are the real damage, allowing thieves to max out a card in minutes from anywhere in the world and, almost certainly, not be caught in making the transaction. All three of their campuses were affected. Heartland Payment Systems is contracted for all of their credit card transactions for the district's online and telephone registration. In addition, any purchases made at any of the three campuses, experienced this data breach also. This applies to anyone who registered for classes through the school's WebAdvisor or by telephone. Same thing for everyone who used his or her credit cards at one of the campus bookstores.
Anyone who has paid by credit card for things like tuition, books from the bookstore, food or, even a cup of coffee from the cafeteria, is most probably among those 100 million transactions from Heartland's November processing throuput and, therefore, has had their credit card compromised.
If there is any good news, it may be that personal identification was not breached. What this should mean is that the scope of the damage should be limited to only the credits cards that were used. The information stolen is not sufficient for identity theft. In addition, Heartland has announced that card holders will not be held liable for any fraudulent credit card charges resulting from the breach as long as their reported in a timely fashion (within 60 days).
District Director of Communications and Community Relations, Timothy Leong and district Information Security Officer Adam Jacobs advise "close scrutiny of monthly statements and immediate bank or company notification if one finds anything suspicious." In those cases, however they state that, it shouldn't be necessary to file a police report. It is advisable to contact one's credit card issuer immediately.
At present, the college has no plans to stop conducting business with Heartland, who are contracted with most of the campuses for credit card processing, either directly or indirectly. But, they say, if the vendors wish to severe ties with Heartland, the district probably will too.