To the Editor:
Heartland Payment Systems announced last month one of the largest data breaches on record ["Post-Breach Goal: Wider Encryption" Jan. 29]. Hackers implemented malware to gain access to Heartland's systems and escaped with 100 million credit and debit card numbers.
The end result could see millions of citizens become the victims of identity theft, potentially costing millions of dollars in fraud losses.
From RBS Worldpay, Hannaford Brothers Co., and TJX Cos. Inc. to CardSystems Solutions and now Heartland Payment Systems, we're now in the hundreds of millions of people affected by data breach, impacting nearly every family in America.
Organizations continue to be more concerned with their bottom line than the well-being of their customers. This callous attitude was antiquated in 2005, much less 2009. We must take action now. True cybersecurity will not become a reality until governments and corporations are held accountable for protecting citizen data. What is it going to take for organizations and governments to act?
From my perspective, these critical actions are necessary.
Organizations must encrypt all customer information and card numbers — even inside the network. Organizations should also implement policies for strong authentication and persistent encryption — files or data remain encrypted no matter where they are moved, copied, sent, or stored.
Congress must standardize data breach notification laws and call for technology that truly protects consumer information. A national data breach bill, which is currently held up in congressional committee, would standardize the sea of fragmented data breach laws currently on the books in 38 states. This unified approach will make it less costly for all organizations to do business — not to mention protect the interests of consumers.
Now is the time for the Obama administration to implement change that truly helps protect the identities of Americans. Fraud will continue to plague financial institutions, retailers, corporations, and their customers until stronger data security policies are in place. President Obama has promised to make cybersecurity a top priority; now his administration, Congress, and corporate leaders need to fulfill that promise.Bill Conner
President and CEO
DallasEditor's Note: Entrust is a provider of digital security technology.