CITGO Petroleum Corp. has put in place a procedure on how branded stations and wholesalers should respond to data breaches. Its requirements are outlined in the company’s just-released payment card guide.The policy is a sign of the times, as even prominent convenience-fuel retailers have been hit with breaches affecting hundreds of stores.Here are the key components from the CITGO guide: 1.Actual or suspected breaches must be reported to CITGO’s Data Breach Team by phone or email within 24 hours after the marketer, employee, customer or vendor becomes aware of the incident. This includes ransomware attacks.
展开▼
