A year after the big breach, Heartland is still paying for hack

Dark Reading Staff, Dark Reading

January 8, 2010

2 Min Read

Heartland Payment Systems and Visa today announced a settlement agreement that will allow issuers of Visa-branded credit and debit cards to recover some of the money they lost a year ago, when the payment processor was breached for approximately 130 million records.

Heartland will pay up to $60 million to fund the settlement program, which will be presented to eligible issuers in the coming days, the companies said.

"We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion," said Ellen Richey, chief enterprise risk officer at Visa, in a statement.

Bob Carr, Heartland's chairman and CEO, stated: "We are pleased to have reached a fair settlement agreement that helps issuers obtain a recovery with respect to losses they may have incurred from the intrusion."

The Visa/Heartland settlement agreement is contingent on acceptance by financial institutions representing 80 percent of the eligible issuers' U.S. accounts that Visa considered to have been placed at risk of compromise during the Heartland intrusion.

Heartland will fund up to $59.22 million of the amounts to be made available to Visa and its issuers under the settlement program. Additionally, Visa will credit the full amount of intrusion-related fines it previously imposed and collected from Heartland's sponsoring bank acquirers toward the $60 million maximum funding of the program.

All U.S. card issuers who participate in the program will be eligible to receive a portion of the specified recovery. The settlement also includes recovery for international issuers of accounts Visa considered to have been placed at risk of compromise.

Participation in the settlement program supplants any other recoveries that may be available to issuers through Visa and requires accepting issuers to release Heartland, its sponsoring bank acquirers and Visa from any legal and financial liability related to the Heartland intrusion.

Visa will send eligible issuers their formal offers to participate in the program on Jan. 14. Eligible issuers will have until Jan. 29, 5 p.m. PT, to opt into the program before the offer expires.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights