Heartland Payment Systems Inc. has agreed to pay up to $2.4 million to settle cardholder class-actions for losses...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
from the payment processor's massive data security breach.
Under the proposed settlement, Princeton, N.J.-based Heartland will pay a minimum of $1 million to class members who submit valid claims for losses resulting from the breach, in which millions of credit and payment cards were stolen. The company disclosed the intrusion Jan. 20.
The settlement, which is subject to court approval, resolves all actions against Heartland related to the intrusion by anyone in the U.S. who used payment cards in the country between Dec. 6, 2007 and Dec. 31, 2008, and those who allege they suffered losses, the company announced Monday.
"We are pleased to have reached a fair and reasonable settlement agreement that helps cardholders recover losses they may have incurred directly related to the criminal intrusion," Bob Carr, Heartland's chairman and chief executive officer, said in a prepared statement. "We are committed to providing our merchants and their customers with a secure processing solution that protects them from the growing threat of cyber crime."
Heartland also will pay all administrative costs of the settlement, including up to $1.5 million for the cost of notifying class members, and $760,000 for attorneys representing the consumers in the class actions. The company also agreed to submit a report from an independent expert on what it's done and plans to do to improve its computer security in the wake of the breach.
Last week, the company announced a settlement with American Express in which it will pay the credit card company $3.6 million to resolve intrusion-related issues. Earlier this month, Heartland announced that a U.S. District Court judge in New Jersey dismissed a shareholder class-action suit against it resulting from the data breach.
Heartland's systems were breached last year when hackers installed malware to sniff data crossing the company's network. In August, a grand jury indicted Albert Gonzalez and two Russians on charges of stealing more than 130 million credit and debit cards from five companies, including Heartland.