Heartland Payment Systems Inc. has agreed to pay up to $60 million to issuers of Visa-branded credit and debit cards who incurred losses from the 2008 breach of the payment processor's systems.
The settlement, announced Friday, comes nearly a year after Heartland disclosed the breach. A Miami-based hacker, Albert Gonzalez, pleaded guilty last week to orchestrating the attack on Heartland and several other companies in which more than 130 million credit and debit cards were stolen.
The settlement agreement between Heartland and Visa Inc. represents a "significant victory to Visa issuers for losses they may have suffered from the Heartland data security breach," Heartland said in its announcement. Princeton, N.J.-based Heartland will pay up to $60 million to fund the settlement program, which is subject to certain conditions.
"We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion," Ellen Richey, Visa chief enterprise risk officer, said in a statement.
Scores of banks and credit unions were forced to reissue credit and debit cards after Heartland disclosed the breach .
Visa plans to notify eligible issuers soon with details about the settlement program and how to participate and will send them formal participation offers on Jan. 14. Card issuers who are eligible for the program have until Jan. 29 to opt-in to the program.
Last month, Heartland said it agreed to pay up to $2.4 million to settle cardholder class-actions for losses from the payment processor's massive data security breach. The company also announced a settlement with American Express in which it will pay the credit card company $3.6 million to resolve intrusion-related issues.
Also last month, Heartland announced that a U.S. District Court judge in New Jersey dismissed a shareholder class-action suit against it resulting from the data breach.