Heartland To Pay Up To $60 Million In Breach Settlement With Visa
A year after the big breach, Heartland is still paying for hack
Heartland Payment Systems and Visa today announced a settlement agreement that will allow issuers of Visa-branded credit and debit cards to recover some of the money they lost a year ago, when the payment processor was breached for approximately 130 million records.
Heartland will pay up to $60 million to fund the settlement program, which will be presented to eligible issuers in the coming days, the companies said.
"We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion," said Ellen Richey, chief enterprise risk officer at Visa, in a statement.
Bob Carr, Heartland's chairman and CEO, stated: "We are pleased to have reached a fair settlement agreement that helps issuers obtain a recovery with respect to losses they may have incurred from the intrusion."
The Visa/Heartland settlement agreement is contingent on acceptance by financial institutions representing 80 percent of the eligible issuers' U.S. accounts that Visa considered to have been placed at risk of compromise during the Heartland intrusion.
Heartland will fund up to $59.22 million of the amounts to be made available to Visa and its issuers under the settlement program. Additionally, Visa will credit the full amount of intrusion-related fines it previously imposed and collected from Heartland's sponsoring bank acquirers toward the $60 million maximum funding of the program.
All U.S. card issuers who participate in the program will be eligible to receive a portion of the specified recovery. The settlement also includes recovery for international issuers of accounts Visa considered to have been placed at risk of compromise.
Participation in the settlement program supplants any other recoveries that may be available to issuers through Visa and requires accepting issuers to release Heartland, its sponsoring bank acquirers and Visa from any legal and financial liability related to the Heartland intrusion.
Visa will send eligible issuers their formal offers to participate in the program on Jan. 14. Eligible issuers will have until Jan. 29, 5 p.m. PT, to opt into the program before the offer expires.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024