Questions about compliance and possible fines due to a compromise should be addressed directly to the payment card brands and/or acquirers.
Article Number 1037
How do I contact the payment card brands?
Are compliance certificates recognized for PCI DSS validation?
Can an entity be PCI DSS compliant if they have performed quarterly scans, but do not have four “passing” scans?
Can an entity be PCI DSS compliant if they use a service provider that is validated to a previous version of PCI DSS?
Does PCI DSS, PA-DSS, or PTS apply to ATMs?