Heartland takes US$12.6m hit for breach

08 May 2009

Heartland Payment Systems has revealed that it lost US$12.6m as a result of its 2008 data breach, in the same week that it finally regained official Payment Card Industry Data Security Standard (PCI DSS) compliance.

The credit card payment processor, which reported a massive breach of its internal systems in January, said that the US$12.6m was the result of legal action, fines by credit card companies, and administrative costs associated with the breach. 

"The majority of these expenses relate to a fine imposed by MasterCard due to our allegedly not taking appropriate action subsequent to learning of the possibility of the breach," said Heartland chief executive Robert Carr. "We believe we took immediate and extraordinary actions to address the intrusion and cooperate with the card brands' investigation of the intrusion, and that we responded appropriately to concerns that were raised leading up to the discovery of the intrusion," he added.

Heartland Payment Systems has also been subject to a mounting number of lawsuits from banks that had been affected by the breach of their customers' credit card data.

The company finally regained its position on Visa's list of PCI DSS validated service providers on Monday, after being removed from the list in the wake of the breach.

Heartland's systems were compromised after hackers placed sniffer malware on its systems and were able to pilfer credit card details from the company's network. The full extent of the breach is still not known.

 
