Heartland forced to update Q3 results as data breach costs rack up

Heartland forced to update Q3 results as data breach costs rack up

Heartland Payment Systems has revised its third quarter results after doubling the provision - to $73.3 million - for expenses related to the massive data breach it suffered last year.

Earlier this month the payment processor included a $35.6 million pre-tax provision for expenses related to the data breach in its Q3 results, contributing to a net loss of $13.6 million.

Heartland says that since then it has held settlement discussions that resulted in an increase in offers made to some claimants affected by the breach. As a result, it believes that SFAS No.5, "Accounting for Contingencies" requires it to increase the reserve.

The company has now increased the pre-tax provision to $73.3 million, or $1.22 per share taking the provision for the nine months to $105.3 million (pre-tax) or $1.74 per share.

This means that in its Form 10-Q, filed with the SEC yesterday, the company records a Gaap net loss for the quarter of $37.1 million, or 99 cents a share, and a Gaap net loss for the nine months of $42.2 million, or $1.12 per share.

Heartland reported in January that it had found malicious software in its processing system, potentially compromising the card data of millions of people. The malware, planted last year, compromised data that crossed its network with credit card numbers and expiration dates exposed.

The breach has also contributed to a legal spat with VeriFone that has seen both companies file lawsuits in recent weeks. The wrangling is rooted in Heartland's move to develop an end-to-end encryption system in the wake of the breach, with VeriFone claiming an associated terminal violates one of its patents.

Comments: (2)

Nick Green
Nick Green - ISD Consultants - Northampton 10 November, 2009, 16:15Be the first to give this comment the thumbs up 0 likes

There is so much emphasis from the US on end to end encryption and I don't disagree that it is something that should be done. But is it me? Aren't they securing a token (the mag stripe) that is insecure. Yes fraudsters won't be able to steal millions of card details from one place but the magnetic stripe can still be compromised at point of sale. Bolting the stable door come to mind.

Mathew Stewart
Mathew Stewart - Explundish - London 11 November, 2009, 09:15Be the first to give this comment the thumbs up 0 likes

You're right.  At an industry level the magstripe losses really mount up.  I guess players feel less anxiety over that because the losses are little clicks and are shared among many organisations.  It's like lots of little pin-pricks. Whereas a data breach like Heartland's can lead to a big hit on a single company which could, frankly, destroy them. There is no "industry response" here, just private companies trying to avoid a repeat of the Heartland incident, so E2E encryption is the flavour of the month.