Security breach has cost Heartland £8.4m so far

The security breach that Heartland Payment Systems disclosed earlier this year has cost the company $12.6 million (£8.4 million) so far.

Share

The security breach that Heartland Payment Systems disclosed earlier this year has cost the company $12.6 million (£8.4 million) so far.

This figure includes legal costs and fines from MasterCard and Visa, which directly contributed to a $2.5 million loss for the quarter.

Heartland has detailed plans to protect its credit and debit-card processing network with an end-to-end encryption system that it will begin rolling out with its merchants in the third quarter.

"We are in a cybercrime arms race," said Bob Carr, Heartland's chair and CEO, in explaining why Heartland intends to deploy the custom-built encryption equipment.

During the company's financial earnings call, Carr and other Heartland executives acknowledged the breach is proving a heavy financial burden and that there's no estimated total cost.

Heartland executives also strongly refuted MasterCard's assertion that Heartland did not respond quickly enough or appropriately to information it was given related to the breach. Without providing more detail, Heartland said it will contest MasterCard's assertions legally.

Heartland processes about 100 million card transactions each month, and it's not yet clear exactly how much fraud was committed when cyber-crooks tapped into Heartland's payment network. Visa and MasterCard, as well as some banks, have indicated fraud can be traced back to the Heartland breach.

"Sniffers were put on the network by bad guys," said Carr in an interview this week with Network World, during which he described how cybercriminals were able to capture card information travelling in the clear between merchant point-of-sale devices and the processor's network.

"Recommended For You"

Visa: Criticism of PCI standard 'misplaced' New data breach could be bigger than TJX's