I just read Bill Brenner’s interview with Heartland Payment Systems’ CEO Bob Carr [Heartland CEO on Data breach: QSAs Let Us Down] and truthfully, my blood is boiling.
Basically, he’s throwing his QSA under the bus for the massive data breach that happened under his watch. Basically, because the QSA didn’t find anything, he should be off the hook.
I say that’s a load of crap. It’s about time organizations suffering from a data breach owned up to the fact that they made a mistake. You see, the fine folks at Johnson and Johnson didn’t throw the pharmacy under the bus when Tylenol got poisoned in 1982, did they? NO! They accepted responsibility (even though it wasn’t their fault) and re-established trust with their customers.
This kind of response from Mr. Carr basically proves that the organization has learned NOTHING from the data breach, which means inevitably it will happen again.
Read more of Mike Rothman’s commentary on CSO.