Fwd: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down
From the folks at Attrition and the DatalossDB.
---------- Forwarded message ----------
From: security curmudgeon <firstname.lastname@example.org>
Date: Aug 12, 2009 4:22 PM
Subject: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down
To: email@example.com, firstname.lastname@example.org
Heartland CEO on Data Breach: QSAs Let Us Down
Heartland Payment Systems Inc. CEO Robert Carr opens up about his companys
data security breach, how compliance auditors failed to flag key attack vectors
and what the big lessons are for other companies.
By Bill Brenner, Senior Editor
August 12, 2009 CSO
For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off
well, to say the least.
In January, the Princeton, N.J.-based provider of credit and debit processing,
payment and check management services was forced to acknowledge it had been the
target of a data breach -- in hindsight, possibly the largest to date with 100
million credit and debit cards exposed to fraud.
In the following Q&A, Carr opens up about his companys data security breach.
He explains how, in his opinion, PCI compliance auditors failed the company,
how informing customers of the breach before the media had a chance to was the
best response, and how other companies can avoid the pain Heartland has