Heartland Payment Systems, the source of what some analysts have called the largest card data security breach in history, has made an agreement with VISA Inc. under which some Visa issuers will be eligible for compensation for losses suffered because of the breach.
Heartland was the target of a coordinated criminal hacking attack for months in 2008 and made that fact public in January 2009. The firm has since been the subject of litigation stemming from the breach.
A joint announcement from both companies said the settlement will need participation from 80% of eligible Visa issuers in order to come into effect and will include mutual releases of liability from the participants.
"We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion," said Ellen Richey, chief enterprise risk officer, Visa Inc. "Helping financial institutions mitigate costs after a data security breach has been a long-standing component of Visa's security strategy, along with promoting new security technologies, preventing fraud and leading efforts to secure sensitive data across the entire payment system."
Bob Carr, Heartland's chairman and chief executive officer, stated, "We are pleased to have reached a fair settlement agreement that helps issuers obtain a recovery with respect to losses they may have incurred from the intrusion. At Heartland, we are also committed to helping issuers-as well as all stakeholders in the payment ecosystem-mitigate future risk. We have assumed a leadership position in the development of enhanced data security and fostering the sharing of information."