Firms 'should take responsibility for data breach incidents'

2009-08-18

It is time that organisations admitted responsibility for data breach incidents, it has been claimed.

Mike Rothman, senior vice-president of strategy at eIQnetworks and chief blogger at Security Incite, responded to an article in CSO in which Heartland Payment Systems' chief executive officer Bob Carr said that his firm's Qualified Security Assessors' (QSAs) audits were of little help in preventing a data breach.

Mr Rothman wrote on CSO that Mr Carr was "throwing his QSA under the bus for the massive data breach that happened under his watch".

He stressed that companies that suffer a data breach should admit that they made a mistake.

The kind of response that Mr Carr gave was a sign that Heartland Payment Systems has learnt nothing from the data breach and it will likely happen again, Mr Rothman added.

It recently emerged that three people have been charged with being responsible for five corporate data breach incidents, including the one involving Heartland Payment Systems.

Read more security news.