Categories: SecuritySoftware

Visa Receives £37m Over Data Breach Incident

Heartland Payment Systems on 8 Jan. announced that it has agreed to pay up to $60 million to Visa to cover losses to credit and debit cardholders affected by the massive data breach Heartland suffered in 2008.

According to Heartland’s news release, the settlement agreement is “contingent upon acceptance by financial institutions representing 80 percent of the eligible issuers’ U.S. accounts that Visa considered to have been placed at risk” when convicted hacker Albert Gonzalez and his crew broke into Heartland’s network. The breach was disclosed by Heartland in January of 2009 and is believed to have exposed more than 100 million credit and debit card numbers.

“We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion,” Ellen Richey, chief enterprise risk officer for Visa, said in a statement. “Helping financial institutions mitigate costs after a data security breach has been a long-standing component of Visa’s security strategy, along with promoting new security technologies, preventing fraud and leading efforts to secure sensitive data across the entire payment system.”

The Heartland release continued: “Heartland will fund up to $59.22 million (£36.71m) of the amounts to be made available to Visa and its issuers under the settlement program. Additionally, Visa will credit the full amount of intrusion-related fines it previously imposed and collected from Heartland’s sponsoring bank acquirers towards the $60 million maximum funding of the program. The settlement amount represents a significant recovery to Visa issuers for losses they may have suffered due to the data breach.”

“We are pleased to have reached a fair settlement agreement that helps issuers obtain a recovery with respect to losses they may have incurred from the intrusion,” Bob Carr, Heartland’s chairman and CEO, said in a statement. “At Heartland, we are also committed to helping issuers—as well as all stakeholders in the payment ecosystem—mitigate future risk.”

After the breach, Heartland began pushing for industrywide adoption of end-to-end encryption. For many however, the breach underscored the fact that compliance with the PCI DSS (Payment Card Industry Data Security Standard) is not the be-all and end-all of security.

“Not all attacks will be prevented, but the size of the fine serves as a prime example of the importance of quickly identifying breaches when they occur,” said Don Gray, chief security strategist for Solutionary. “Had the breach been quickly identified, the number of payment cards affected [might] have been drastically reduced, leading to a much smaller fine.”

The settlement with Visa follows the company’s decision to settle with American Express for $3.6 million in December.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

View Comments

  • Anyone else here reading oei.T. WARS?? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary ? an eCulture ? for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, policies, and so on. Just Google oeiT WARS? ? check out a couple links down and read the interview with the author David Scott. (Full title is oei.T. WARS: Managing the Business-Technology Weave in the New Millennium?).

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

4 hours ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

4 hours ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

5 hours ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

5 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

6 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

6 hours ago