Just a reminder to businesses that there can be more cost to a data breach than your own recovery. In this case, Veridian Credit Union is suing Eddie Bauer for the cost of reissuing cards and other costs related to the breach. This is a class action suit, so others are likely to join in the party as well. The premise is that Eddie Bauer failed miserably in their security practices, took too long to notify those impacted and that they also failed to implement EMV chip technology.
It is entirely possible that due to the EMV chip liability shift, effective October of 2015, that they will have a good leg to stand on in the case of this lawsuit, especially if these were charges at POS systems in-store and the customers used an EMV-enabled card, but Eddie Bauer had not implemented EMV readers. That could get pretty expensive for them.
Keep this in mind if you operate a business and have not enable EMV chip processing. It could prove very costly in the long run.
Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in InfoSec