The credit card payment processor, which reported a massive breach of its internal systems in January, said that the US$12.6m was the result of legal action, fines by credit card companies, and administrative costs associated with the breach.
"The majority of these expenses relate to a fine imposed by MasterCard due to our allegedly not taking appropriate action subsequent to learning of the possibility of the breach," said Heartland chief executive Robert Carr. "We believe we took immediate and extraordinary actions to address the intrusion and cooperate with the card brands' investigation of the intrusion, and that we responded appropriately to concerns that were raised leading up to the discovery of the intrusion," he added.
Heartland Payment Systems has also been subject to a mounting number of lawsuits from banks who had been affected by the breach of their customers' credit card data.
The company finally regained its position on Visa's list of PCI DSS validated service providers on Monday, after being removed from the list in the wake of the breach.
Heartland's systems were compromised after hackers placed sniffer malware on its systems and were able to pilfer credit card details from the company's network. The full extent of the breach is still not known.