Rich Mogull of Securosis joins Mike Rothman in taking Heartland Payment Systems CEO Bob Carr to task for his comments that seemed to shift responsibility for the breach to the assessors who told them they were PCI-compliant: […] PCI compliance means you are compliant at a point in time, not secure for an indefinite future….
Category: Commentaries and Analyses
Opinion: Heartland CEO Must Accept Responsibility
I just read Bill Brenner’s interview with Heartland Payment Systems’ CEO Bob Carr [Heartland CEO on Data Breach: QSAs Let Us Down] and truthfully, my blood is boiling. Basically, he’s throwing his QSA under the bus for the massive data breach that happened under his watch. Basically, because the QSA didn’t find anything, therefore he…
Heartland CEO on Data Breach: QSAs Let Us Down
For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least. In January, the Princeton, N.J.-based provider of credit and debit processing, payment and check management services was forced to acknowledge it had been the target of a data breach — in hindsight, possibly the largest to…
Methinks he might protest too much
As someone who routinely makes snarky pronouncements about breaches, I was actually impressed by how Toronto Hydro handled their recent data breach. Yet some people were strongly critical. The facts of the breach, as I currently understand them, are that: 179,000 Toronto Hydro customer account numbers were illegally accessed in the company’s e-billing system. Toronto…
Clarence employees criticized in audit
The Clarence High School principal and other district employees repeatedly used district computers for personal use, the state comptroller’s office said. An audit critical of the district found that some equipment apparently was lost or stolen, while other equipment was taken home, and income tax programs, thousands of photos and music files, detailed medical histories…
Leahy’s data breach bill’s flawed assumptions
The chairman of the powerful U.S. Senate Judiciary Committee, Sen. Patrick Leahy, is trying—after two failed attempts—to get his data breach bill made into law. But even though his bill would answer the pleas of many retailers by creating one single national standard for handling major retail data breaches, the bill’s details don’t deliver the…