Heartland One Year Later: What Have We Learned?
Heartland Payment Systems announced on that same Tuesday morning, shortly before Obama's inauguration ceremony, that it had suffered a breach of payment card data. It wasn't clear from Heartland how big the breach was, but the feeling that I got in the pit of my stomach was that it was big.
We later came to know just how big it was. The 130 million credit and debit cards taken by hacker Albert Gonzalez and his accomplices was not just a staggering number; it was the largest breach of card data known to date.
Now it is one year after the biggest data breach in history, and what has happened?
Now it is one year after the biggest data breach in history, and what has happened? Do we have stronger security? That is a question that still needs an answer, but in the meantime we're also still sorting out the money owed to the financial institutions and customers that were victims of this breach.
While there has been a lot of hand wringing, finger pointing and misdirection of blame in this breach, the one thing that still awaits is justice. Albert Gonzalez faces his sentencing in March. A class action suit against Heartland on behalf of the financial institutions awaits a judge in Houston, TX. Settlement offers are being made by card brands to financial institutions, including American Express' $3.6 million and Visa's $60 million settlement offers.
But the real justice isn't about the money taken and the fraud that hit institutions across the U.S. The settlement money being offered institutions is a pittance to cover what the real costs incurred by the institutions are in terms of card replacements, not to mention the lost confidence of customers. There are the hidden costs of a data breach that can't be measured in dollars, but rather in loss of trust and confidence in an institution by its customers.
That loss isn't something that can be easily replaced.