Newsflash. Heartland was not breached again today. Ok, I am being faecetious but there also is a very important point of truth to this post.
The CIO of Heartland, Steven Elefant, called me about my blog post the other day called “Heartland Breached Again?”. He wanted to clarify the incident and how it was handled. We spoke briefly and I am happy to admit I was wrong in my assumptions. I would like to follow the Heartland CEO playbook and say I actually was misled (just kidding) but I will take the heat for this one.
According to Mr. Elefant the real story is that Austin Police were misquoted and the press has not (yet) done a retraction.
My take on the responsibility for Heartland — the opportunity for them to step in with better end-to-end solutions — was inspired by the statement from police quoted in the news. Changing this statement does not affect my position on responsibility. On this point I was really surprised and pleased to hear that Heartland actually agrees with my post. Although their press releases did not reflect it they had offered the retailer a secure terminal to replace the system believed to be at fault. Set aside the question of who pays for such an upgrade the retailer received a secure option that goes far beyond just moving from Internet to POTS. I had assumed that nothing like this had been done. My bad. Good job Heartland.
The lesson in the breach may boil down to just much greater urgency in replacing insecure payment applications in the Austin retail area. I think that is a message Heartland can agree with.
Many thanks to Heartland for taking the time to reach out and explain in more detail. I hope that helps clarify.