Breach costs force a revision in estimates. From their press release:
…. subsequent to the release of its earnings for the third quarter on November 3, 2009, Heartland engaged in settlement discussions that resulted in an increase in settlement offers made to certain claimants in an attempt to resolve certain of the claims asserted against Heartland relating to the criminal breach of Heartland’s payment systems environment (the “Processing System Intrusion”). Heartland believes that SFAS No.5, “Accounting for Contingencies” (ASC 450-20) requires it to increase its Reserve for Processing System Intrusion from the amount included in the financial results reported in Heartland’s November 3, 2009 earnings release to reflect this increase in such settlement offers. As a result of the increase in this reserve, Heartland reported in its Form 10-Q, which was filed with the SEC yesterday, a GAAP net loss for the quarter ended September 30, 2009 of $37.1 million, or $0.99 per share, and a GAAP net loss for the nine months ended September 30, 2009 of $42.2 million, or $1.12 per share. Results for the quarter are after $73.3 million (pre-tax), or $1.22 per share, of various expenses, accruals and reserves, all of which are attributable to the Processing System Intrusion, including charges related to settlement offers made by Heartland in attempts to resolve certain Processing System Intrusion related claims and expected costs of settling certain other claims as to which settlement discussions between Heartland and the claimants are underway. Such expenses, accruals and reserves for the nine month period totaled $105.3 million (pre-tax) or $1.74 per share. The increase in the Reserve for Processing System Intrusion has no impact on the Adjusted Net Income and Earnings per Share reported in the November 3, 2009 earnings release.
Now that’s a really costly breach. Or is it a bargain? If the U.S. Attorney’s claims that 130 million records or accounts were involved in the intrusion, then it’s less than $1 per record. All in all, though, I think most would agree that this has been a very costly breach for HPS.