The Agency Insider with Linda McGlasson

Heartland One Year Later: What Have We Learned?

I remember Jan. 20, 2009, as a date of historic significance. Not only did the country see the swearing in of the first African American U.S. President, but at the same time as the country's eyes were on Washington, D.C., there was another historic event happening.

Heartland Payment Systems announced on that same Tuesday morning, shortly before Obama's inauguration ceremony, that it had suffered a breach of payment card data. It wasn't clear from Heartland how big the breach was, but the feeling that I got in the pit of my stomach was that it was big.

We later came to know just how big it was. The 130 million credit and debit cards taken by hacker Albert Gonzalez and his accomplices were not just a staggering number; the theft was the largest breach of card data known to date.

Now it is one year after the biggest data breach in history, and what has happened? Do we have stronger security? That is a question that still needs an answer, but in the meantime we're also still sorting out the money owed to the financial institutions and customers that were victims of this breach.

While there has been a lot of hand-wringing, finger-pointing and misdirection of blame in this breach, the one thing we still await is justice. Albert Gonzalez faces his sentencing in March. A class action suit against Heartland on behalf of the financial institutions awaits a judge in Houston, TX. Settlement offers are being made by card brands to financial institutions, including American Express' $3.6 million and Visa's $60 million settlement offers.

But the real justice isn't about the money taken and the fraud that hit institutions across the U.S. The settlement money being offered to institutions is a pittance compared with the real costs those institutions incurred in card replacements, not to mention the lost confidence of customers. There are hidden costs of a data breach that can't be measured in dollars, but rather in the loss of trust and confidence in an institution by its customers.

That loss isn't something that can be easily replaced.



About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



