Heartland Payment Systems Inc. last week disclosed that it has so far spent or set aside more than $12.6 million to cover costs related to a major data breach that the credit card payment processor disclosed in January.
The company blamed the breach in part for a loss in its latest quarter.
In a conference call to discuss the company's quarterly results, Heartland CEO Robert Carr said the bulk of the breach costs so far are from a fine imposed by MasterCard Inc. Carr didn't disclose the amount of the fine, estimated at $7 million by Gartner Inc.
Carr added that Heartland plans to appeal the fine. MasterCard claimed that the processor had failed to respond appropriately after it was notified of a potential breach. But Heartland believes that it did respond properly and that "upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion," Carr said. In a statement to Computerworld, Mastercard said that it "believes the fines it imposed were warranted and consistent with its rules."
Princeton, N.J.-based Heartland is one of the largest payment-processing companies in the country, with about 250,000 customers. It announced on Jan. 20 that intruders had broken into its systems several months earlier and potentially compromised data on as many as 100 million credit and debit cards.
The intrusion is believed to have started last May, though it remained undiscovered until January. The company was warned earlier by credit card companies about suspicious activity related to transactions it had processed.
The spending or setting aside of $12.6 million so far "seems reasonable based on what they have publicly talked about," said Gartner analyst Avivah Litan. But she added that "the case still remains shrouded in too much mystery to know for certain what other potential damages will add up to."
This version of this story originally appeared in Computerworld 's print edition.
This story, "Heartland Breach Cost $12.6 Million and Counting" was originally published by Computerworld.