BreachExchange mailing list archives
follow-up: Heartland CEO on Data Breach: QSAs Let Us Down
From: security curmudgeon <jericho () attrition org>
Date: Wed, 12 Aug 2009 20:22:23 +0000 (UTC)
http://www.csoonline.com/article/499527/Heartland_CEO_on_Data_Breach_QSAs_Let_Us_Down

Heartland CEO on Data Breach: QSAs Let Us Down

Heartland Payment Systems Inc. CEO Robert Carr opens up about his company's data security breach, how compliance auditors failed to flag key attack vectors and what the big lessons are for other companies.

By Bill Brenner, Senior Editor
August 12, 2009
CSO

For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least. In January, the Princeton, N.J.-based provider of credit and debit processing, payment and check management services was forced to acknowledge it had been the target of a data breach -- in hindsight, possibly the largest to date with 100 million credit and debit cards exposed to fraud.

In the following Q&A, Carr opens up about his company's data security breach. He explains how, in his opinion, PCI compliance auditors failed the company, how informing customers of the breach before the media had a chance to was the best response, and how other companies can avoid the pain Heartland has experienced.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)