Heartland to pay $3.6 million to American Express for breach

Processor said the settlement resolves "issues between the two parties" as a result of its massive data security breach.

Heartland Payment Systems has reached a settlement with American Express, paying the credit card brand $3.6 million for expenses it incurred as a result of Heartland's massive data security breach.

Heartland breach:
Three indicted for Hannaford, Heartland data breaches: A grand jury has charged three men for their role in stealing more than 130 million credit and debit cards from Heartland Payment Systems and several other companies.

New defenses for SQL injection attacks: By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites.

In a statement, Heartland CEO Bob Carr said the settlement with American Express would "resolve all intrusion-related issues between the two parties."

"We are pleased to have reached an equitable settlement with American Express," Carr said.

In January, Heartland disclosed a massive security breach of more than 130 million credit and debit card numbers. Since then, the payment processor has been working to settle the repercussions, absorbing expenses for technology upgrades as well as costs incurred by financial institutions for replacing millions of consumer credit cards. The payments processor is also battling a number of lawsuits accusing it of negligence.

Heartland's systems were breached last year when hackers installed malware to sniff data crossing the company's network. The breach took place, despite the processor being compliant with the Payment Card Industry Data Security Standards. Visa dropped Heartland from its list of PCI compliant vendors in March. The firm regained its compliance status in May.

SearchSecurity radio:

A number of arrests have been made in connection with the breach. The U.S. Department of Justice charged Albert Gonzalez and two Russian hackers for their role in a spate of breaches, including intrusions at 7-Eleven Inc. and Hannaford Brothers Co supermarkets.

The men were believed to have started devising a plan to penetrate the networks beginning in 2006. SQL injection attacks were believed to be carried out by gaining access through vulnerabilities in point-of-sale systems and then installing a packet sniffer to read network traffic for the account data.

In addition, Heartland has paid fines to Visa Inc. and MasterCard for the intrusion. In a conference call to investors in May, Heartland CEO Bob Carr said the company took a loss in the first quarter as a result of the breach related expenses. About $1 million was paid to Visa. The Princeton, N.J.-based firm said it spent $12.6 million related to the breach at the time.

Dig deeper on Data breaches and prevention strategies

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close