Tennessee convenience chain puts legal matter to rest.
After more than three years of legal proceedings and a class action lawsuit, MAPCO Express Inc. is moving on from a payment card data breach that occurred in the spring of 2013.
A Tennessee federal judge last month approved a proposed settlement of up to $1.9 million to be paid by MAPCO to individuals affected by a payment card data hack.
The settlement requires Mapco to pay $700,000 into a consumer settlement fund in addition to the $1.2 million that the company has paid to Visa and MasterCard, in continuance of payouts associated with their data breach recovery procedures.
A class action lawsuit was filed against MAPCO in 2014 by Alabama-based Winsouth Credit Union and First National Community Bank, alleging negligence for failing to prevent the breach. At the time, the c-store chain was owned by Delek US Holdings Inc.
The incident involves credit/debit card payments for transactions at MAPCO locations between March 19-25, April 14-15 and April 20-21 of 2013.
The payment card data breach was publicly disclosed by MAPCO on or about May 6, 2013. At the time, MAPCO was credited with taking immediate steps to investigate the incident and further strengthened the security of its payment card processing systems to block future information security attacks.
The settlement provides claimants $500 for documented out-of-pocket losses, and unreimbursed charges or actual time spent on the breach, up to five hours and $15 per hour. Claimants had to have submitted their claims by January 26.
MAPCO, now owned by COPEC, has 340-plus corporate stores operating primarily in Tennessee, northern and central Alabama, northern Georgia, Arkansas, Virginia, southern Kentucky and northern Mississippi.