Heartland Reaches Settlement with AmEx Over Data Breach

Heartland Payment Systems announced it has reached a settlement with American Express regarding the massive data breach revealed earlier this year. The $3.6 million dollar settlement is only the beginning for Heartland as they are also working on reaching settlements with MasterCard and Visa.

The breach was the largest in history, affecting over 100 million credit and debit cards. The company said they had discovered data stealing malware on their system, which processes payments for over a quarter of a million companies. Heartland says no SSN, PINs, or other personal information was stolen.

MasterCard and Visa both hit Heartland with steep fines after the breach was announced, claiming the company was negligent and failed to take corrective actions once they knew of the breach.

“Heartland believes that it responded appropriately to all information that it learned regarding the possibility of the system breach, and that upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion,” Heartland Chairman and CEO Bob Carr said.

Security experts say Heartland deliberately tried to downplay the breach by announcing it on January 20^th, which was the day of the historic inauguration of President Obama. Some say doing so was downright deceptive.

Heartland’s problems aren’t over yet. Visa said that while the company was previously validated as Payment Card Industry Data Security Standard compliant, that status is now under review. If they lose that status they could find themselves losing business fast as businesses won’t do business with a processor that’s been cut off by the major CC companies.