Wednesday, October 7, 2009

Lawsuit: Heartland Knew Data Security Standard was 'Insufficient'


Complaint Says CEO Described PCI as 'Lowest Common Denominator' of Protection
October 5, 2009 - Linda McGlasson, Managing Editor

Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.

This is the contention of a new master complaint filed in the class action suit against Heartland, which in January announced a data breach that is now estimated to be the largest known hack, involving 130 million credit and debt card accounts.

In a November 2008 earnings call, according to the complaint, Carr told analysts, "[We] also recognize the need to move beyond the lowest common denominator of data security, currently the PCI DSS standards. We believe it is imperative to move to a higher standard for processing secure transactions, one which we have the ability to implement without waiting for the payments infrastructure to change." ...

....Heartland executives have said consistently that the company was PCI-compliant at the time on the breach, which the complaint now says may have begun as early as December 2007. Visa, however, removed Heartland from its list of PCI-compliant service providers in March of this year, and one Visa security executive was quoted as saying "We have never seen anyone breached that was PCI compliant."

Heartland was re-certified as PCI compliant in May. (Full text at www.bankinfosecurity.com)
As I've said in past articles, I was one of the 130 million victims. When I was notified in January 2009, I was in Las Vegas doing a seminar on Id Theft at a national convention. My credit union called me and told me that they had to close out my debit card due to the breach. Here I was with $7 in my pocket, no other credit cards with me and 2 more days in Vegas.

I guess "What happens in Vegas - Stays in Vegas!"

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

No comments:

Child Identity Theft Does Happen

Identity Theft Shield Overview