Data Breach Costs Heartland $140M

Heartland Payment Systems notched a quarterly profit when it announced its results for the first three months of this year, but settlements over one of the largest payment data breaches ever—in 2008—cut into the bottom line by at least $140 million, according to a report by Computerworld.

First quarter net income hit $1.6 million, exclusive of the insurance claims paid after the breach, which Heartland disclosed in January 2009, Credit Union Times reported.

The New Jersey-based payment processor's payout tally has reached about $60 million with Visa, $3.5 million with American Express, about $4 million in claims from a class action lawsuit and another $26 million in legal fees. The figure includes a settlement totaling nearly $60 million with Visa, another of about $3.5 million with American Express and more than $26 million in legal fees. The company also set aside $42.8 million for future settlements with other litigants.

About 130 million credit and debit cards were compromised in the breach, in which Heartland officials said unknown intruders had broken into its systems sometime in 2008 and planted malicious software to steal card data carried on the company's networks. Industry experts believe Heartland could wind up paying out more than the $250 million tally that TJX Companies Inc. estimated it needed to spend after its massive 2006 data breach.

A study by the Ponemon Institute pegged the average cost per compromised record for data breaches at $204 in 2009. The average cost to a company for each security breach incident hit $6.75 million. The Associated Press reported that Heartland still forecast increases in credit and debit card transactions to the point where it plans to hire hire 1,200 new workers for its sales force to meet demand.