Heartland Pays $3.6 Million to American ExpressFirst Settlement to Result from Landmark Data Breach Heartland Payment Systems will pay $3.6 million to American Express to settle charges relating to Heartland's landmark data breach.
The payment, Heartland says in a press release announcing the settlement, resolves "all intrusion-related issues between the two parties" regarding the breach of an estimated 130 million credit and debit cards.
"We are pleased to have reached an equitable settlement with American Express," says Bob Carr, Heartland's chairman and chief executive officer. "This settlement marks the first agreement with a card brand related to the intrusion."
The U.S. Department of Justice has charged Albert Gonzalez and other accomplices with the Heartland attack, and says that it was only one of several other companies that Gonzalez and the other hackers targeted with SQL injection attacks.
The other companies hacked include 7-Eleven and Hannaford Brothers. Credit card companies, including American Express, Visa and MasterCard, were forced to cancel and reissue credit cards because of the Heartland data breach. Banks and credit unions have also sued the payments processor to recoup the costs of reissuing cards and to cover the cost of fraud that resulted from the breach.
Earlier this year, Heartland said it had put aside more than $12 million to cover the charges related to the breach. Heartland is expected to be fined by other brands, including Visa and MasterCard.