12/14/2009
The good news is that 2009 actually saw fewer security breaches than 2008. The bad news is that the total number of individuals affected by breaches is much higher than in 2008, thanks primarily to a couple of mega breaches. Here's a recap of these breaches and some lessons we might take from them:
Heartland Payment Systems (disclosed January 2009). Heartland Payment Systems processes more than 100 million credit card transactions per month. In January of 2009, Heartland disclosed that malware had been planted on its computers and had compromised credit card transaction information that crossed Heartland’s systems. About 100 million credit and debit cards are thought to have been impacted. Interestingly, Heartland had been certified PCI compliant by its Qualified Security Assessors.
Read more of this entry on Norbert's blog: http://privacy.wnj.com.