Heartland reveals huge cost of data breach

Data breaches can end up costing millions

Payment processing firm Heartland Payment Systems has finally revealed that the major data breach it suffered last year has cost the company more than $12m (£7.9m) in fines and legal costs.

Heartland chief executive Robert Carr explained during a conference call with investors that the firm had taken a $12.6m hit in this quarter in "expenses and accruals" resulting from the breach.

"The smaller part of these intrusion related expenses represents legal and other expenses related to the intrusion, and less than $1m related to fines assessed by Visa against our sponsor banks, which our sponsor banks are contesting," he said.

"However, more than 50 per cent of this expense relates to a fine that MasterCard assessed against our sponsor banks, ostensibly because of an alleged failure by Heartland to take appropriate action on having learned that its computer system may have been breached and on thereafter having discovered the intrusion."

However, Carr said that the firm would be contesting the MasterCard fine as unfair, and told Heartland’s sponsor banks to do the same.

With the legal costs of this case still racking up, the news should stand as a cautionary tale for companies that fail to take data security and compliance seriously.

However, the damage to a firm's brand and reputation is likely to be greater and more significant," warned Carr.

"We are in a cyber crimes arms race, and we need to stay ahead of the bad guys who never rest and do not call committee meetings to update their malicious tools and attack vectors," he said.