Lessons from the Data Breach at Heartland

[security curmudgeon <jericho () attrition org>]

http://www.businessweek.com/technology/content/jul2009/tc2009076_891369.htm

Special Report July 6, 2009, 3:33PM EST
Lessons from the Data Breach at Heartland
How a top payments processor responded to the largest-ever criminal 
pilfering of credit-card data, and what other companies can learn from it
By Rachael King

Robert Carr was settling in for the evening in a New York hotel on Jan. 12 
this year when at 10:30 p.m. he got a phone call that every financial 
services executive dreads. Carr, CEO of Heartland Payment Systems (HPY), 
learned that intruders might have hacked into the company's computer 
network.

The next morning, his fears were confirmed. For a period starting in May 
2008, cybercriminals had burrowed deeply into Heartland's network and 
recorded consumers' credit- and debit-card data. "That's the worst thing 
that can happen to a payments company and it happened to us," says Carr.

Heartland, the fifth-biggest payments processor in the U.S., had suffered 
what within days would be called the largest-ever criminal breach of card 
data. Security experts estimate that as many as 100 million cards issued 
by more than 650 financial services companies may have been compromised. 
Heartland faces class actions and inquiries by federal regulators over the 
matter.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php