DataBreaches.Net


Apres le breach, yet another call for greater cooperation to fight data theft

Posted on December 19, 2009 by Dissent

And the year draws to a close as it opened: with a call for greater cooperation in preventing security breaches. At the beginning of the year, it was Heartland Payment Systems. Now, following lawsuits against it by restaurateurs in Louisiana who were hacked while using one of its POS applications, Radiant Systems is trying to sound its own clarion call for greater cooperation among those involved in processing transactions. In a press release issued yesterday, the company writes:

“Our vision is to encourage all involved in transaction processing to move from a mindset of independent compliance to one of collaborative security that will greatly reduce the risk of data theft,” said John Heyman, chief executive officer at Radiant Systems. “We believe the current data security blueprint in the payments industry is designed with many constraints in mind and therefore is not able to go far enough.”

[…]

“We have expanded the responsibilities of Jimmy Fortuna, vice president of product development for the hospitality division at Radiant Systems, to now include industry data security,” added Heyman. Fortuna brings 10 years of industry experience to this role. “Jimmy will work inside and outside the walls of our company to fight for increased levels of data security in the retail and restaurant industries.”

Radiant is investing in these activities to help define new standards across the payment process, educate businesses on how to reduce theft by meeting the current 12-step Payment Card Industry Data Security Standard (PCI DSS) requirement process, and build new technologies outside its POS software to combat theft.

To date, Radiant has declined to discuss any specifics involving the lawsuits against it, and details of the hacks have come only from the restaurateurs, leaving many questions unanswered.

What did Radiant do in 2007 when its earlier Aloha systems were declared noncompliant? Did it notify all distributors to stop selling those systems, and did anyone contact customers to alert them and advise them? Following an August 2008 meeting between Visa, the Secret Service, and Louisiana restaurateurs, Radiant issued a security alert. But what had it done before then to ensure that customers who used its platform were aware of the problems? Yes, it is ultimately the merchant’s responsibility to remain compliant, but it’s unrealistic to expect small merchants to search for or read bulletins that may or may not apply to them. As Radiant looks to prevent future problems, what is Radiant suggesting be done going forward?

Will Radiant go so far as to recommend that vendors be required to commit to notifying customers of security alerts? If not, what will Radiant agree to support?

If a car has a safety defect, it is the car manufacturer’s responsibility to notify customers to bring their car in. We don’t expect car owners to check the manufacturer’s site or the Highway Safety web site to find out if their car poses a hazard to them. Why doesn’t the same notion of responsibility apply here? Or does it already?

Whether Radiant’s call is simply an attempt at PR in response to the bad press it has received over the lawsuits or a serious commitment that it will follow up on remains to be seen, and I expect we’ll see some “lessons learned” as an outgrowth of this incident. But will it be enough to significantly reduce the likelihood of future breaches? As long as there continue to be intensive efforts to cover up breaches or to prevent the public from finding out the full scope of breaches, I doubt it.

Photo credit: “Clarion call” by lonecellotheory, Flickr, used under Creative Commons License.

Category: Commentaries and Analyses
