Questions about compliance and possible fines due to a compromise should be addressed directly to the payment card brands and/or acquirers.
Article Number 1037
How do I contact the payment card brands?
Are compliance certificates recognized for PCI DSS validation?
Can an entity be PCI DSS compliant if they have performed quarterly scans, but do not have four “passing” scans?
How do I determine whether my business would be required to conduct an independent assessment or a self-assessment?
Does PCI SSC provide a list of PCI DSS-compliant service providers?