As reported by The Register (http://www.theregister.co.uk/2011/07/26/bet24_security_breach/), online gambling site BET24.com notified customers on Monday of a data breach that occurred in December 2009.

Years ago, it may have been considered understandable for an organization to present itself as a victim after suffering a data breach. Today the climate has changed significantly, and consumers expect companies to be open, forthcoming, and timely when responding to an incident.

The above example was considered so egregious that it warranted a headline in the mainstream media. That’s exactly the kind of bad publicity most companies would like to avoid.

For companies that handle payment card data, as in the example above, it is especially important to have a well-established incident handling and communications plan, so that poor communication does not make a bad situation much worse.

With that in mind, consider reviewing Visa’s latest guidance for how to respond to a data breach. The following documents provide helpful details that can be incorporated directly into your Incident Response Plan.

What To Do If Compromised Version 3.0 Visa Public

Responding to a Data Breach – USA Visa

Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services
