Heartland Reaches $41 Million Settlement With MasterCard Over Data Breach

In a legal settlement over its 2008 security breach, Heartland Payment Systems has agreed to pay up to $41.4 million to MasterCard Worldwide and its card issuers to repay operational costs and fraud losses attributed to the breach.

Under the agreement, Heartland will fund up to $41.4 million of "alternative recovery offers" to be made to eligible MasterCard card issuers to settle their claims for losses incurred as a result of the breach. Issuers accepting the offers must agree to certain terms and conditions.

The settlement comes nearly six months after Heartland reached a $60 million breach settlement with Visa.

"We feel that this settlement represents an appropriate and fair resolution for our issuing financial institution customers and will enable them to avoid uncertainties and delays associated with potentially protracted litigation," said Wendy Murdock, chief franchise officer for MasterCard Worldwide, in a statement. "The agreement underscores MasterCard's continuing efforts to maintain the integrity of payment card industry standards and mitigate the impact of account data compromise events."

Under the terms of the settlement, MasterCard card issuers that filed timely claims for reimbursement of operational expenses or to recover fraud losses on certain accounts processed by Heartland during 2008 will be eligible to receive a specified dollar payment with receipt expected during the third calendar quarter of 2010, if they choose to accept their offers.

The settlement is contingent upon, among other things, MasterCard card issuing financial institutions representing at least 80 percent of the claimed-on MasterCard accounts having accepted their offers by June 25.

Issuers that choose to accept their offers must agree to forgo any other remedies or recoveries they might otherwise be able to obtain from Heartland and its acquirers by reason of the Heartland data security breach, and to release MasterCard, Heartland, and Heartland's acquirers from all legal and financial liability associated with the breach.

Issuers that elect not to accept their offers will have their claims determined pursuant to MasterCard's internal processes. They may receive more or less than the amounts they were offered or nothing at all, depending on various factors, including MasterCard's determinations of their claims and the outcome of any litigation that Heartland might file, and has threatened to file, to challenge claim awards that exceed certain amounts.

All MasterCard card issuers eligible to participate in the settlement will be notified soon, according to the company. The issuers will have until June 25 to decide whether to accept the alternative offers.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.