Heartland did have a web application firewall in place, but the company’s security configuration did not defend against the SQLi attack. The company paid $145 million in compensation, temporarily lost its PCI DSS compliance, and its stock price dropped by nearly 80 percent over the next three months. Despite the massive cost and negative publicity around this attack, SQLi still accounted for more than 65 percent of all web application attacks in 2019. That’s up from 44 percent in 2017.