Requirements for entities that suspect or have confirmed a compromise event
Any entity that suspects or confirms unauthorized access to and/or misuse of any cardholder data, including any entity that stores, processes, or transmits cardholder data or has access to a payments environment or systems is required to adhere to certain requirements.