PRINCETON, N.J. (5/21/10)--Heartland Payment Systems Inc. has agreed to pay MasterCard Worldwide $41.4 million to resolve claims from MasterCard and its issuers related to the 2008 breach of Heartland's payment system environment. The announcement comes five months after Heartland agreed to pay up to $60 million to issuers of Visa-branded credit and debit cards (News Now Jan. 11). Heartland also entered into settlements of $3.6 million with American Express and $2.4 million in a consumer cardholder class action lawsuit (News Now Dec. 21 and Dec. 29). Under the newest agreement, alternative recovery offers totaling $41.4 million will be made to eligible MasterCard issuers for losses they claimed as a result of the breach. Also under the agreement, MasterCard will recommend that eligible MasterCard issuers accept such offers. Like the Visa settlement, the MasterCard settlement is contingent upon financial institutions representing 80% of the claimed-on MasterCard accounts accepting the alternative recovery offers. The issuers have until June 25 to accept the settlement offer. This latest settlement also includes mutual releases between Heartland and its sponsoring bank acquirers on the one hand--and MasterCard and the accepting issuers on the other. Issuers that accept the alternative recovery offer must waive rights to any other recovery for claims of losses related to the breach from Heartland and its sponsoring bank acquirers through litigation or other remedies. They also must release MasterCard, Heartland and its sponsoring bank acquirers from all legal and financial responsibility related to the intrusion. All eligible issuers will receive notification from MasterCard with full details of the settlement agreement and how to accept their alternative recovery offers before the offers expire. The breach, which was announced in January 2009, exposed information from 130 million credit and debit cards--the largest breach on record. Its ramifications are still being felt. Last month, MidFlorida CU in Lakeland, Fla., said it would reissue 12,000 debit cards after recent fraud attempts stemming from the Heartland breach (News Now April 6). And CUNA Mutual's Risk Protection Center reported in January that fraudsters were still testing and successfully accessing the numbers not blocked or canceled in the Heartland breach (News Now Jan. 12).