Where is Heartland’s Solution Provider – send me an email!

February 24, 2009

More on Heartland…this attack serves as a great case study on compliant vs. secure. The recent Heartland attack mirrors that of TJX, who lost somewhere between 50 and 100 million credit card numbers over a three-year period. Recent USA Today reports indicate that this attack also started with an insecure wireless network in a store which was connected to Heartland. Once on the network, thieves made their way into Heartland, setting up Trojan technology allowing them to sniff out credit cards being processed. Heartland was PCI compliant! A similar loss occurred in a recent attack on Hannaford Brothers grocery stores – another PCI compliant establishment. Hannaford lost 4.3 million credit cards.

Salespeople often cave in when the client draws a line between assessments and remediation. Don't give in to this sort of thinking. It may not work on the government side, but assessments and audits differ, and solution providers that secure data must start by assessing risk. Even if a firm claims to be compliant, its security is still an outstanding question.

http://blogs.usatoday.com/technologylive/2009/01/heartland-could.html – this recent article reveals some of the litigation awaiting Heartland…Why didn’t their technology solution provider sell them the right security?
