Questions about compliance and possible fines due to a compromise should be addressed directly to the payment card brands and/or acquirers.
Article Number 1037
How do I contact the payment card brands?
Can an entity be PCI DSS compliant if they have performed quarterly scans, but do not have four “passing” scans?
Are compliance certificates recognized for PCI DSS validation?
Does PCI DSS, PA-DSS, or PTS apply to ATMs?
Does PCI SSC provide a list of PCI DSS-compliant service providers?