An article relating to this blog post on Finextra:
US payment processor Heartland reports massive data breach
Heartland Payment Systems says it has found malicious software in its processing system, potentially compromising the card data of millions of people.
Heartland Payment Systems first began receiving fraudulent activity reports from the card schemes late last year indicating a possible breach in its defences. The company called the Secret Service and breach forensics teams to investigate and eventually
traced the source of the leak to a piece of installed malware last week.
So why wait until late yesterday to tell the world about the attack? Could it be that Barrack Obama's inauguration day - when the world's media was trained on events in Washington - was considered a good day to bury bad news?
Not so, says Robin Baldwin, Heartland's president and chief financial officer.
"Due to legal reviews, discussions with some of the players involved, we couldn't get it together and signed off on until today," Baldwin told the
Washington Post. "We considered holding back another day, but felt in the interests of transparency we wanted to get this information out to cardholders as soon as possible, recognising of course that this is not an ideal day from the perspective of visibility."
Weasel words. If the over-riding concern is to ensure transparency, surely it would be better to hold off for a day when good visibility would be guaranteed?