Exclusive Interview: Heartland's Bob Carr

CEO Discusses Lessons Learned from Historic Data Breach
Exclusive Interview: Heartland's Bob Carr
Eighteen months ago, when the Heartland Payment Systems data breach first hit the news, Heartland CEO Bob Carr knew exactly where to turn - to Tylenol.

Specifically, Carr sought counsel from the former CEO of Johnson & Johnson, manufacturer of Tylenol, to inquire what his company did to get through the 1982 disaster in which seven people died after bottles of the pain reliever were laced with poison. Tylenol went on to become a leader in tamper-resistant packaging, and Johnson & Johnson went down in business history as a model of crisis management.

The Heartland data breach, announced on Inauguration Day 2009, was orchestrated by organized cyber criminals and impacted an estimated 130 million credit/debit cards -- the largest such incident ever reported.

"I just couldn't believe it happened to us, of all companies," says Carr, reflecting on the Heartland breach in an exclusive interview. "We were so focused on security at all times."

With advice from his management team, attorneys, law enforcement - and, yes, the former CEO of Johnson & Johnson - Carr responded to the breach with openness and action.

"Our approach was: Be candid about this; tell the truth," Carr says. "Then because of this - not because we wanted it, that's for sure - I was basically handed a microphone, and I used that microphone to talk to our industry about fixing the root cause of the problem of weak security in our industry."

In this interview, Carr talks about leadership at a time of crisis, discussing:

  • How he pulled together his incident response strategy;
  • Lessons learned - what worked and what didn't;
  • Advice for other business leaders in times of crisis.

"Don't blame other people," is Carr's first word of advice. "Communicate openly with employees and customers. Be transparent. And tackle the major causes of the problem - that's the #1 thing we did that helped us get through this."

And years from now, if another CEO tracks down Carr to seek his counsel for how to respond to a disaster of Heartland proportions, he knows exactly what he'll say. "The Tylenol model does work," he says. "This wasn't our invention, this [crisis management] concept. It was Johnson & Johnson's, and my hat's off to that company."

Hear the entire interview with Heartland Payment Systems CEO Bob Carr.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.