2008: Heartland Payment Systems Breach
There were 134 million credit cards exposed following an attack on Heartland Payment Systems that targeted a Web application vulnerability and eventually gained access to the firms' sensitive systems. Heartland CEO Robert Carr blamed the company's PCI DSS assessors, explaining to reporters that it was compliant six months before the breach. Despite being breached by a common attack technique, Carr blamed credit card companies and the PCI Council. After those missteps, Heartland eventually turned the breach into a win by focusing on encouraging the industry to develop better encryption standards for credit card data. The breach eventually resulted in the arrest and conviction of Albert Gonzales.