Heartland Payment Systems has agreed to pay up to $41m to Mastercard in settlement for claims arising from a high-profile breach involving the payment processing firm two years ago.
Under the agreement, MasterCard issuers who suffered losses as a result of the intrusion will be eligible for compensation from a $41.4m fund, providing banks left in a hole agree to the arrangement by the end of June.
The proposed settlement is the third Heartland has reached with major card brands. A previous agreement Visa was worth up to $60m while a settlement with American Express was negotiated for $3.6m. The combined fund is $105m.
Heartland said in January 2009 that a breach occurred after hackers planted malware on its systems, but didn't say how many records were disclosed as a result. Later estimates suggested up to 100 million records were exposed, a percentage of which were later used in fraud.
Notorious hacker Albert Gonzalez was charged with masterminding the attack in August 2009 along with a similar assault on Hannaford Brothers, and attacks on ATM systems leased by 7-Eleven.
According to prosecutors, Gonzalez leased hacking platform used in the attacks and tested malware on behalf of his accomplices, including Russian hackers tied up in a loosely connected but prolific credit card fraud ring.
Gonzalez, a former US Secret Service informant, was jailed for 20 years back in March after he admitted responsibility over the even more damaging assault against retailer TJX. ®