Heartland Pays $3.6 Million to American Express

First Settlement to Result from Landmark Data Breach Heartland Payment Systems will pay $3.6 million to American Express to settle charges relating to Heartland's landmark data breach.

The payment, Heartland says in a press release announcing the settlement, resolves "all intrusion-related issues between the two parties" regarding the breach of an estimated 130 million credit and debit cards.

"We are pleased to have reached an equitable settlement with American Express," says Bob Carr, Heartland's chairman and chief executive officer. "This settlement marks the first agreement with a card brand related to the intrusion."

The U.S. Department of Justice has charged Albert Gonzalez and other accomplices with the Heartland attack, and says that it was only one of several other companies that Gonzalez and the other hackers targeted with SQL injection attacks.

The other companies hacked include 7-Eleven and Hannaford Brothers. Credit card companies, including American Express, Visa and MasterCard, were forced to cancel and reissue credit cards because of the Heartland data breach. Banks and credit unions have also sued the payments processor to recoup the costs of reissuing cards and to cover the cost of fraud that resulted from the breach.

Earlier this year, Heartland said it had put aside more than $12 million to cover the charges related to the breach. Heartland is expected to be fined by other brands, including Visa and MasterCard.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.