Since the announcement on 20 January
2009 that it had fallen victim to a potentially massive data
breach, problems have kept mounting at a staggering pace for
Heartland Payment Systems, the US's sixth-largest payments
processor (see EPI 260).

In the latest blow, Visa has announced
that it has removed Heartland from its published list of service
providers compliant with the Payment Card Industry Data Security
Standard (PCI-DSS) until it is recertified as compliant.

Heartland was certified as PCI-DSS compliant
in April 2008 and is currently undergoing recertification.

In the interim, Heartland is permitted to
operate as a processor in the Visa system subject to strict risk
control provisos. In the two years following recertification as
PCI-DSS compliant, Visa will place Heartland in a probationary
status.

Further revelations of Heartland’s plight are
contained in its 2008 annual filing to the Securities and Exchange
Commission (SEC).

Visa, notes Heartland, will seek to impose
fines on its sponsor banks and could attempt to recover fraud
losses from the banks, which will in turn seek to recover costs from
Heartland. Other card brands are anticipated to follow Visa’s
lead.

Unsurprisingly, legal actions are mounting,
with Heartland reporting that 16 putative consumer class actions
and four putative financial institution class actions had been
filed against it in 10 states.

A putative class action was also commenced
against Heartland and certain of its executive officers, alleging
violations of federal securities laws in connection with
disclosures relative to the processing system intrusion, its
computer system security and trading in Heartland shares by four of
its officers, including Heartland’s CEO Robert Carr.

Notably, the SEC and the US Attorney for the
District of New Jersey have commenced investigations to determine
whether federal securities laws were violated.

Heartland also faces a barrage of other
official enquiries, noting that it had been contacted by the
Federal Financial Institutions Examination Council, the Federal
Trade Commission, the Canadian Privacy Commission and the Louisiana
attorney general’s office.

Since announcing the data breach, Heartland’s
share price has slumped from $15 to $5 per share.