Heartland and Discover Agree to $5 Million Data Breach Settlement

In the latest aftershock to a massive data breach that took place in 2008, card payment processor Heartland Payment Systems yesterday announced a settlement agreement with Discover Financial Services in which Heartland will pay Discover $5 million.

The drama began Jan. 20, 2009 (coincidentally, the day of President Obama’s inauguration), when Heartland announced that malicious software had compromised its data the year before. Visa and MasterCard had alerted the payment processor of suspicious activity on some of its card transactions. Data exposed through the breach included card numbers, expiration dates, and in some cases, the names of customers who used debit or credit cards at Heartland’s network of 250,000 businesses.

In August 2009, the hackers who perpetrated the data breach, American Albert Gonzalez and two Russian accomplices, were indicted in federal district court in New Jersey on charges that they carried out the largest hacking and identity-theft caper in U.S. history. Federal prosecutors said the trio had stolen information about more than 130 million credit and debit cards by hacking into the computer systems of five major companies, including Hannaford supermarkets, 7-Eleven and Heartland Payment Systems. Gonzalez was sentenced to 20 years in prison.

Read the full Bank Systems and Technology article here.