Commentaries and Analyses – Page 870

Gonzalez: The Al Capone Of Cyber Thieves?

Posted on August 19, 2009 by Dissent

Evan Schuman and Fred J. Aun have a well-written commentary on the recent indictment of Albert Gonzalez and two unnamed co-conspirators that highlights the questions left unanswered by the indictment, and the apparent contradictions between statements made. As one example, they write: For example, 7-Eleven is a new name in the breach circle, and the…

Audit of Dept of Energy reveals unaddressed problems

Posted on August 18, 2009 by Dissent

From Protection of the Department of Energy’s Unclassified Sensitive Electronic Information, DOE/IG-0818: The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special…

An open letter to Heartland CEO Robert Carr

Posted on August 13, 2009 by Dissent

Rich Mogull of Securosis joins Mike Rothman in taking Heartland Payment Systems CEO Bob Carr to task for his comments that seemed to shift responsibility for the breach to the assessors who told them they were PCI-compliant: […] PCI compliance means you are compliant at a point in time, not secure for an indefinite future….

Opinion: Heartland CEO Must Accept Responsibility

Posted on August 13, 2009 by Dissent

I just read Bill Brenner’s interview with Heartland Payment Systems’ CEO Bob Carr [Heartland CEO on Data breach: QSAs Let Us Down] and truthfully, my blood is boiling. Basically, he’s throwing his QSA under the bus for the massive data breach that happened under his watch. Basically, because the QSA didn’t find anything, therefore he…

Heartland CEO on Data Breach: QSAs Let Us Down

Posted on August 12, 2009 by Dissent

For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least. In January, the Princeton, N.J.-based provider of credit and debit processing, payment and check management services was forced to acknowledge it had been the target of a data breach — in hindsight, possibly the largest to…

Methinks he might protest too much

Posted on August 1, 2009 by Dissent

As someone who routinely makes snarky pronouncements about breaches, I was actually impressed by how Toronto Hydro handled their recent data breach. Yet some people were strongly critical. The facts of the breach, as I currently understand them are that: 179,000 Toronto Hydro customer account numbers were illegally accessed in the company’s e-billing system. Toronto…