Heartland pays Amex $3.6M over 2008 data breach
IDG News Service - Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network.
This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year.
The U.S. Department of Justice has charged Albert Gonzalez and several other accomplices with the hack, saying that Heartland was one of several companies that the hackers managed to break into using SQL injection attacks.
Other alleged victims include 7-Eleven and Hannaford Brothers. In total, the gang managed to steal more than 130 million credit card numbers from Heartland and about 4.2 million from Hannaford, prosecutors allege.
Card-issuing banks such as American Express have had to pay the costs of re-issuing credit cards, following the breach, and many banks have sued Heartland to recover these costs. American Express operates its own credit card brand as well, and the settlement may also cover fines incurred there.
Heartland has also had to pay out fines assessed by other brands such as Visa and MasterCard. Typically, these card brands levy fines against those responsible for data breaches. In May, Heartland CEO Bob Carr said that his company had set aside $12.6 million to handle charges related to the hack. More than half of that money was to handle fines levied by MasterCard, he said.
This settlement resolves "all intrusion-related issues between the two parties," Heartland said in a statement Thursday. However, the company's disputes with other brands such as Visa and MasterCard apparently remain unresolved. A company spokeswoman declined to comment further on the matter for this story.
"We are pleased to have reached an equitable settlement with American Express," Heartland's Carr said in the statement.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!