In late 2008, a security breach at Heartland Payment Systems of Princeton, New Jersey, the nation’s fifth-largest payments processor, resulted in the theft of over 130 million credit and debit card accounts. It is still the largest single data security breach ever reported.
Since the breach, Heartland has been slowly but steadily resolving the many lawsuits that were brought against it. This week, Heartland announced that it and Mastercard have agreed to a $41.4 million settlement.
This brings the total Heartland has committed to pay out to around $140 million, according to ComputerWorld. As the ComputerWorld story notes, this is still only a little more than half of the estimated cost of the 2006 TJX breach, for which the Heartland hackers were also responsible.
Measured against statistics published earlier this year by the Ponemon Institute on the cost of data breaches, Heartland has come out on the cheap end of the curve. According to the Institute's figures, in 2008, the average cost of a data breach was around $202 per record compromised.
You can read the various settlements that Heartland has reached over the past 18 months here. The web site Bank Info Security has a map showing the number of institutions affected by the Heartland breach here.
The "mastermind" behind the data breach, Albert Gonzalez, was sentenced in March of this year to serve two consecutive 20-year prison sentences for his role in the TJX and Heartland hack attacks. A Gonzalez associate was sentenced to 5 years in April. Four others have also been sentenced for their parts in the crime (see here, for example).