As reported by The Register (http://www.theregister.co.uk/2011/07/26/bet24_security_breach/), online gambling site BET24.com notified customers on Monday of a data breach that occurred in December 2009.
While years ago it may have been considered understandable for an organization to present itself as a victim after suffering a data breach, the climate has changed significantly: consumers now expect companies to be open, forthcoming, and timely when responding to an incident.
The above example was considered so egregious that it warranted a headline in the mainstream media. That’s exactly the kind of bad publicity most companies would like to avoid.
Especially for companies that handle payment card data, as in the example above, it is critically important to have a well-established incident handling and communications plan so that poor communication does not make a bad situation much worse.
With that in mind, consider reviewing Visa’s latest guidance for how to respond to a data breach. The following documents provide helpful details that can be incorporated directly into your Incident Response Plan.
Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services