Heartland CEO Provides More Details On Big Data Breach

[lyger <lyger () attrition org>]

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=214600079

Heartland Payment Systems' top executives yesterday shed more light on the 
massive data breach at the firm and said that Heartland would fight 
ensuing lawsuits stemming from the breach.

In an earnings call, the transcript of which has been posted online as 
well as summarized in the firm's fourth quarter 2008 financial report, 
Heartland chairman and CEO Bob Carr said the malware that infected the 
firm's systems could read and collect unencrypted data in motion, and that 
the attackers may have been able to "trade" from its network some of the 
data that was accessed.

"Keep in mind that Heartland passed its PCI certification last April and 
assessors are currently on-site for 2009 certification which we are 
targeting to begin to complete by the end of April. In that regard 
throughout the potential period of the breach, Heartland did have 
antivirus software installed on its payment processing network," Carr 
said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss