Quarterly financial results released by Heartland last week show that the card payment processor has accrued $139.4 million in breach-related expenses. The figure includes a settlement totaling nearly $60 million with Visa, another of about $3.5 million with American Express and more than $26 million in legal fees.

That total also includes $42.8 million that Heartland has set aside to fund proposed settlements with several other litigants over the breach. One example of what the fund is set up for is Heartland's against it for $4 million.

So far, Heartland has recovered about $30 million from insurance companies. Even with the updated figures, Heartland so far has spent considerably less than the it would eventually spend to address its massive 2006 data breach.

Even so, given the scope of the Heartland breach, in which an estimated 130 million credit and debit cards were compromised, it is likely that Heartland will end up spending more than TJX over time.

Heartland's disclosure of its breach-related expenses comes at a time when studies show that costs to companies from data breaches is steadily rising. The Ponemon Institute said it found the average cost per security breach incident in the U.S. in 2009 was $6.75 million. On average, companies spent about $204 per breached record, the study found.