Heartland settles with American Express over breach

Heartland Payment Systems will pay American Express $3.6 million under a settlement related to the record-breaking data breach that the payments processor revealed earlier this year.

The deal, announced Thursday, finalizes any ongoing disputes between the card brand and Heartland over the massive data-loss incident, believed to have involved more than 100 million credit and debit cards.

Heartland has yet to announce settlements with Visa and MasterCard, a company spokeswoman told SCMagazineUS.com on Thursday.

Both of those card brands previously have imposed and collected fines from Heartland's acquiring banks. Those penalties were part of the $12.6 million that Heartland had set aside to pay for costs related to the intrusion. Roughly half of that amount went toward a MasterCard fine levied against Heartland's acquirers.

The fine, which is passed by the banks to Heartland, was issued because MasterCard alleged that Heartland failed to take proper actions after it learned of a possible breach and after it disclosed the incident to the public, Heartland Chairman and CEO Bob Carr said in May.

"Heartland believes that it responded appropriately to all information that it learned regarding the possibility of the system breach, and that upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion," Carr said.