Questions about compliance and possible fines due to a compromise should be addressed directly to the payment card brands and/or acquirers.
Article Number 1037
How do I contact the payment card brands?
If a merchant or service provider has internal corporate credit cards used by employees for company purchases like travel or office supplies, are these corporate cards considered ‘in scope’ for PCI DSS?
Can an entity be PCI DSS compliant if they use a service provider that is validated to a previous version of PCI DSS?
Are compliance certificates recognized for PCI DSS validation?
Can an entity be PCI DSS compliant if they have performed quarterly scans, but do not have four “passing” scans?