19 Dec 2009, Phil Muncaster, V3
The severe financial implications of a data breach were highlighted this week after payment processing firm Heartland Payment Systems revealed that it has reached a settlement with American Express of $3.6m (£2.2m).
Heartland, the fifth largest payment processor in the US, suffered a major data breach in 2008, which it disclosed in January of this year, after hackers infiltrated its network.
The firm has already set aside a fund of over $12m (£7.45m) to compensate credit card companies, but the $3.6m settlement with American Express is the first specific agreement named.
"We are pleased to have reached an equitable settlement with American Express," said Bob Carr, Heartland's chairman and chief executive. "This settlement marks the first agreement with a card brand related to the intrusion."
The news will serve as another timely reminder to companies that fail to take data security and compliance with the Payment Card Industry (PCI) Data Security Standard seriously.
The legal costs and fines, as well as the cost of being recertified as PCI compliant, are easily quantifiable, but the damage to a firm's brand and reputation is likely to be more significant.
Do you agree?
Solution to data breaches
Anyone else here reading "I.T. WARS"? The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data thefts are due to simple human errors. I had to read this book as part of my employee orientation at a new job. It has a great chapter on security. Just Google "IT WARS" - check out the fourth link down and read the interview with the author. (Full title is "IT WARS: Managing the Business-Technology Weave in the New Millennium").
Posted by John Franks, 19 Dec 2009