Heartland CEO says data breach was 'devastating'
Heartland Payment Systems chief executive Robert Carr remembers what it felt like when he first heard about the massive data breach at his company earlier this year.
"I wanted to throw up. It was devastating," says Carr, recalling how he felt upon realizing that one of his worst fears had come true. "People had asked me for years 'what keeps you awake at night' and I would keep telling them it was the fear of a data breach," he told Computerworld.
Five months after Heartland announced what some think may be the biggest data breach ever, Carr is working over-time to limit the fallout from the incident, and the damage to the company's reputation.
Since the incident was disclosed, Heartland has accelerated an end-to-end encryption program for protecting card data that it aims to complete in the third-quarter. The company is simultaneously pushing a broader effort to develop an industry-wide standard for encrypting data white it's being transmitted over networks.
The company has also co-founded a group called the Payment Processor Information Sharing Council to give organizations in the payments industry a forum for sharing information about security threats, vulnerabilities and fraud. At the group's first meeting in May, Heartland handed out a USB drive containing the malicious code that it had discovered on its networks as a sign of its willingness to share details of the attack with others in the industry. Carr has also been reaching out personally to customers, industry groups, security analysts and media to explain what the company has been doing in response to the breach. When rival firms tried to scare Heartland customers over the possible repercussions of using Heartland as a processor, Carr quickly fired out cease and desist letters.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
