Heartland CEO: Honesty Is Best Breach Policy

At the InformationWeek 100 conference, Heartland CEO told the story of how doing the right thing saved his company.
10 IT Hiring Trends Confounding Private, Public-Sector CIOs
10 IT Hiring Trends Confounding Private, Public-Sector CIOs
(Click image for larger view and slideshow.)

Robert O. Carr, CEO of Heartland Payments, took the keynote stage at the InformationWeek Conference on Tuesday to talk honestly about honesty.

Heartland fell victim to one of the largest breaches in history in 2008 when as many as 100 million credit cards were possibly compromised. This was the type of breach that could put a company out of business.

In fact, it had.

"We're paid to keep things secure," Carr said during the conference on Tuesday. "And when we get breached it is a big deal. There had only been one payment processor breached before, and they went out of business."

Carr told a fairly harrowing story that included $150 million in payments, a scramble to be the first payments company to bring end-to-end encryption to the US, and, most importantly, of good old-fashioned customer relations.

"Our lawyers said 'Don't go public.' Our crisis management said not to go public. 'If you say the wrong thing, you might go to jail. And the people who work with you might as well.' "

But the very next morning at 9 a.m., Heartland announced the breach. And right after, Carr instructed the 2,500 employees of Heartland to contact all of their customers and tell every one of them everything they knew about the breach.

It is that honest, forthright attitude that Carr credited with Heartland's survival. He said he believes the trust the company built before and after the breach is what got it through. "We did a good job of telling the truth through the years," he said.

[ What else has been happening on the IWeek Conference stage? Read Chris Anderson: Weaponized Lego, Drones & IoT. ]

"In the end, we had a good reputation in the industry," Carr explained. "The merchants went to bat for us. I also think Visa and MasterCard thought, 'If we put these guys out of business, what happens when other companies get breached?' "

Heartland has emerged from the crisis as the No. 5 payment processor and the No. 8 payroll processor in the world. It processes $120 billion in annual volume for more than 320,000 customers. You don't get to do that without repairing a lot of relationships.

We often talk about "getting ahead of the story." What Heartland did was more than get ahead of it. It re-wrote the story with a fast and honest response. That's a lesson for every leader facing a crisis.

Interop Las Vegas, taking place April 27-May 1 at Mandalay Bay Resort, is the leading independent technology conference and expo series dedicated to providing technology professionals the unbiased information they need to thrive as new technologies transform the enterprise. IT Pros come to Interop to see the future of technology, the outlook for IT, and the possibilities of what it means to be in IT.

Editor's Choice
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
John Edwards, Technology Journalist & Author
John Edwards, Technology Journalist & Author
James M. Connolly, Contributing Editor and Writer