Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, May 07, 2009

Heartland breach cost $12.6 million, CEO says

Heartland Payment Systems Inc. said it was experiencing losses this quarter as a direct result of a massive data breach it disclosed in January when investigators discovered a malicious program sniffing credit card data passing through its systems.  The company said it took a $2.5 million loss for the quarter as a result of spending more than $12.6 million in legal bills, fines from MasterCard and Visa and administrative costs.

“Much of the legal work remains to be done and it is difficult to anticipate when these matters will come to a conclusion.”

Carr also admitted for the first time that since the Princeton, N.J.-based processing giant announced a breach of its systems, some of the payment processor’s clients have switched to competitors as a result of the breach.

“We have had some competitors telling merchants falsely that they would be fined $10,000 a day if they stay with Heartland.

More than $500,000 relates to a fine assessed by MasterCard against the sponsored banks in which the card company said Heartland failed to take appropriate action upon learning that a breach was suspected.

“Heartland believes that it responded appropriately to all the information that it learned regarding the possibility of a system breach and upon discovering the intrusion it took immediate and extraordinary action to address the intrusion,” Carr said.  In addition, the company said it would implement end-to-end encryption when payment transaction data is sent from the merchant to the processor.  Heartland is in discussions with some of the card brands to improve encryption, he said.

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1355922,00.html

Posted on 05/07
NewsPermalink