$60 million fund set up for reimbursing affected card issuers

Jan 11, 2010 15:01 GMT
$60 million recovery fund for VISA card issuers affected by Heartland data breach

Heartland Payment Systems announced a settlement with Visa, which involves funding $60 million for the reimbursement of credit card issuers affected by the data breach the firm discovered in 2008. Under the terms of the agreement, Heartland will provide $59.22 million and Visa will cover the rest from fines previously imposed upon the company.

In 2008, during a computer network audit, the staff at Heartland Payment Systems, one of the largest payment processors in the United States, discovered unauthorized sniffing programs installed on its systems. A full investigation revealed that a considerable number of credit card accounts had been compromised over the nine months before the breach was discovered.

Late last month, notorious hacker Albert Gonzalez, who masterminded the hacks at several TJX companies, pleaded guilty to being involved in the Heartland breach, as well as others at Hannaford Brothers, 7-Eleven and two unnamed retailers. The technique used in all hacks, including the Heartland one, was SQL injection.

The settlement with Visa looks to provide recovery for the brand's credit card issuers who suffered losses from reissuing the credit cards compromised at Heartland. "We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion," said Ellen Richey, chief enterprise risk officer at Visa, in a press release.

This settlement is subject to certain conditions and will go into effect only if issuers responsible for 80 percent of the compromised accounts agree to it. Eligible financial institutions will have until January 29 to decide if they want to opt in and release Heartland and Visa from any other legal and financial obligation pertaining to this incident.

Since the data breach was uncovered, Heartland has taken a leadership role in advocating for the use of end-to-end encryption in the electronic payment industry. "We are pleased to have reached a fair settlement agreement that helps issuers obtain a recovery with respect to losses they may have incurred from the intrusion," Bob Carr, Heartland's CEO, commented. Last month, the company also settled with American Express for $3.6 million.