Heartland Payment Systems on 8 Jan. announced that it has agreed to pay up to $60 million to Visa to cover losses to credit and debit cardholders affected by the massive data breach Heartland suffered in 2008.
According to Heartland’s news release, the settlement agreement is “contingent upon acceptance by financial institutions representing 80 percent of the eligible issuers’ U.S. accounts that Visa considered to have been placed at risk” when convicted hacker Albert Gonzalez and his crew broke into Heartland’s network. The breach was disclosed by Heartland in January of 2009 and is believed to have exposed more than 100 million credit and debit card numbers.
“We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion,” Ellen Richey, chief enterprise risk officer for Visa, said in a statement. “Helping financial institutions mitigate costs after a data security breach has been a long-standing component of Visa’s security strategy, along with promoting new security technologies, preventing fraud and leading efforts to secure sensitive data across the entire payment system.”
The Heartland release continued: “Heartland will fund up to $59.22 million (£36.71m) of the amounts to be made available to Visa and its issuers under the settlement program. Additionally, Visa will credit the full amount of intrusion-related fines it previously imposed and collected from Heartland’s sponsoring bank acquirers towards the $60 million maximum funding of the program. The settlement amount represents a significant recovery to Visa issuers for losses they may have suffered due to the data breach.”
“We are pleased to have reached a fair settlement agreement that helps issuers obtain a recovery with respect to losses they may have incurred from the intrusion,” Bob Carr, Heartland’s chairman and CEO, said in a statement. “At Heartland, we are also committed to helping issuers—as well as all stakeholders in the payment ecosystem—mitigate future risk.”
After the breach, Heartland began pushing for industrywide adoption of end-to-end encryption. For many however, the breach underscored the fact that compliance with the PCI DSS (Payment Card Industry Data Security Standard) is not the be-all and end-all of security.
“Not all attacks will be prevented, but the size of the fine serves as a prime example of the importance of quickly identifying breaches when they occur,” said Don Gray, chief security strategist for Solutionary. “Had the breach been quickly identified, the number of payment cards affected [might] have been drastically reduced, leading to a much smaller fine.”
The settlement with Visa follows the company’s decision to settle with American Express for $3.6 million in December.
Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC
Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…
Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…
View Comments
Anyone else here reading oei.T. WARS?? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary ? an eCulture ? for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, policies, and so on. Just Google oeiT WARS? ? check out a couple links down and read the interview with the author David Scott. (Full title is oei.T. WARS: Managing the Business-Technology Weave in the New Millennium?).