Exclusive Interview: Heartland's Bob Carr
CEO Discusses Lessons Learned from Historic Data BreachSpecifically, Carr sought counsel from the former CEO of Johnson & Johnson, manufacturer of Tylenol, to inquire what his company did to get through the 1982 disaster in which seven people died after bottles of the pain reliever were laced with poison. Tylenol went on to become a leader in tamper-resistant packaging, and Johnson & Johnson went down in business history as a model of crisis management.
The Heartland data breach, announced on Inauguration Day 2009, was orchestrated by organized cyber criminals and impacted an estimated 130 million credit/debit cards -- the largest such incident ever reported.
"I just couldn't believe it happened to us, of all companies," says Carr, reflecting on the Heartland breach in an exclusive interview. "We were so focused on security at all times."
With advice from his management team, attorneys, law enforcement - and, yes, the former CEO of Johnson & Johnson - Carr responded to the breach with openness and action.
"Our approach was: Be candid about this; tell the truth," Carr says. "Then because of this - not because we wanted it, that's for sure - I was basically handed a microphone, and I used that microphone to talk to our industry about fixing the root cause of the problem of weak security in our industry."
In this interview, Carr talks about leadership at a time of crisis, discussing:
- How he pulled together his incident response strategy;
- Lessons learned - what worked and what didn't;
- Advice for other business leaders in times of crisis.
"Don't blame other people," is Carr's first word of advice. "Communicate openly with employees and customers. Be transparent. And tackle the major causes of the problem - that's the #1 thing we did that helped us get through this."
And years from now, if another CEO tracks down Carr to seek his counsel for how to respond to a disaster of Heartland proportions, he knows exactly what he'll say. "The Tylenol model does work," he says. "This wasn't our invention, this [crisis management] concept. It was Johnson & Johnson's, and my hat's off to that company."
Hear the entire interview with Heartland Payment Systems CEO Bob Carr.