Response to Unauthorized Access. Merchant will notify Provider within twenty-four (24) hours after it becomes aware of any actual or potential breach in security resulting in an unauthorized access to Cardholder Information. Merchant will provide any assistance that Provider, Card Issuer, regulators, governmental authority, or any Card Network deems necessary to contain and control the incident to prevent further unauthorized access to or use of Cardholder Information. Such assistance may include, but not be limited to, preserving records and other evidence, and compiling information to enable Provider and the issuing bank(s) or the Card Network to investigate the incident, and providing assistance and cooperation to: (a) file suspicious activity reports (as applicable); (b) notify their regulators (as applicable); and (c) notify the affected Cardholder (as required). Unless the unauthorized access was due to Provider’s acts or omissions, Merchant will bear the cost of notifying affected Cardholder. Without limiting Provider’s remedies in this Agreement, Merchant shall indemnify, defend, and hold Provider harmless for any claims, losses, injuries, damages, or causes of action arising out of or relating to Merchant’s failure to prevent unauthorized access to any Cardholder Information.
Appears in 2 contracts
Sources: Merchant Agreement, Merchant Agreement