BankInfoSecurity.com - Information Security News, Regulations, & Education

Just Released: Our Online Webinar Catalog

Bank Information Security Articles

Heartland Data Breach: Class Action Suit Filed on Behalf of Banking Institutions

Credit
EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Complaint Seeks to Recover Costs, Damages from Fraud

February 27, 2009 - Linda McGlasson, Managing Editor

Save

Digg

Delicious

Please login or register to save this article.

Comment on this article

One month after the Heartland Payment Systems (HPY) data breach was revealed, a Philadelphia law firm filed a class action lawsuit against the processor on behalf of two banks and three credit unions. The complaint was filed by Chimicles & Tikellis in U.S. District Court in Trenton, NJ on February 20.

The five institutions named in the complaint are Amalgamated Bank, New York, NY; Matadors Community Credit Union, Chatsworth, CA; GECU, El Paso, TX; MidFlorida Federal Credit Union, Lakeland, FL ;and Farmers State Bank, Marcus, IA. All the institutions say they have had to re-issue "substantial" numbers of credit and debit cards because of the Heartland breach.

Joseph Sauder, the attorney leading the case, says while only five institutions were named in the complaint, "We talked with numerous banks. These five were the ones we selected to present in the complaint."

Although no one has estimated officially how many institutions, cards and consumers might be affected by the breach, more than 500 institutions have stepped forward to tell Information Security Media Group that they have been impacted.

Click to Get Updates on the Latest Information Security News

Company*

Title*

Email*

Subscription Type:

Healthcare Enews

General Healthcare Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Government Enews

General Government Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Banking Enews

General Banking Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Credit Union Enews

General Credit Union Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Need Help?

Chimicles & Tikellis also has a consumer class action lawsuit filed against Heartland, filed in the same U.S. District Court in Trenton on January 27.

Seeking to Recover Costs

In the new class action suit, Sauder says the institutions "seek to recover money for the cost of reissuing cards and also for the fraudulent activity that banks and credit unions are ultimately responsible for as a result of this breach, among other things."

Heartland announced on January 20 that its computer systems had been breached by outside hackers sometime in 2008. The processor handled on average 100 million transactions per month for about 175,000 merchants and retail establishments. Heartland only became aware of the breach after it was notified by Visa and MasterCard of "patterns of fraudulent credit card activity," the lawsuit states.

The breach compromised information including debit and credit card numbers, expiration dates and internal bank codes. Many of the institutions that had cards compromised in the breach were forced to re-issue new credit and debit cards to their customers. "Given the large size of the data breach, the expenses associated with doing so are substantial," the complain says, "and include costs for purchasing new plastic debit and credit cards, postage and other mailing expenses, time spent by employees address this issue and harm to reputation and goodwill."

Many institutions have also reported incidents of fraud, the complaint states. It says Heartland's actions "constitute violations of the consumer protection statute of New Jersey," and amounts to a breach of implied contract, negligence, negligent misrepresentation, and common law negligence.

Sauder says he cannot estimate how soon the case may begin or how long it may last. "It's hard to tell at this time, since the case was just filed, as to what Heartland's position is going to be," he says. He adds that more institutions are expected to join the class action suit.

Other Suits

There are at least three consumer class action lawsuits filed against Heartland and three other lawsuits filed in other courts by institutions seeking to recoup their losses and expenses related to the breach:

The Lone Star National Bank, Pharr, TX has filed a lawsuit seeking $50 million in damages against Heartland. The Lone Star case was filed in Texas Southern District Court on February 16.

TriCentury Bank, Simpson, KS filed a lawsuit in New Jersey District Court on February 13 seeking a judgment against the payments processor for breach of contract.

Lone Summit Bank, Lake Lotawana, MO filed a lawsuit in the Fraud or Truth-In-Lending office of the New Jersey District Court on February 6.

1 | 2

View On 1 Page

Next Related Article:

ACH Fraud: Action Plan in Oct.

What should a class action suit against Heartland accomplish for banking institutions?

Here's your chance to be a part of the dialogue and engage with your peers! Just enter your comment to the right, click submit to send it to our Editor. All entries are posted anonymously.

Please login if you would like to post a comment on this question.

They should pay all of the banks for losses, the issuance of new cards, and the cost for having to risk manage this whole situation. During our the time our bank was hit, debit cards became a full time job for some of my staff.

Topics of Interest

Cloud Computing

Cloud Computing: The Case for Certification
Secure Image Transport: 'Buy, Don't Build'

Social Engineering

Redspin Security Report: Top 10 Network Security Threats of 2008 - Q2 Update
Banking Agenda: Beating the Drum for Safety & Soundness

ACH

BankInfoSecurity.com Week in Review: Aug. 20, 2010
BankInfoSecurity.com Week in Review: Aug. 27, 2010

Risk Management

How to Prioritize Risk & Justify Security Investments
Understanding Man-in-the-Browser Attacks and Addressing the Problem

Fraud

How to Prioritize Risk & Justify Security Investments
Understanding Man-in-the-Browser Attacks and Addressing the Problem

Messaging

Protecting Enterprise Data with Proofpoint Encryption
How to Identify Phishing Attacks, Email-Borne Threats, & Spam

Latest Tweets & Mentions

Recent Content
Most Popular

1Heartland, Discover Settle at $5 Million
2How to Protect Consumers from ID Theft
3The Mobile Mandate
4Church Latest Victim of ACH Fraud
5Video: Why Cyber Challenge is Needed
6FDIC: 829 Troubled Banks
7ID Theft: Courts Cracking Down
810 Tips to Thwart Skimming
9Skimming: Old Crime, New Tools
10Key Elements of Risk Management

1Failed Banks and Credit Unions, 2010
22010 Data Breach Timeline
3Pay-At-The-Pump Skimming on the Rise
4Account Takeover: The New Wrinkle
5Tapping the Power of Social Media
6ATM Skimming: How Effective is Jitter?
741 Banking Breaches So far in 2010
8New Fraud Spree Investigated
9Social Media Policy - The 6 Essentials
10FDIC: Top 5 Fraud Threats

BankInfoSecurity.com Research

Podcast:Mortgage Fraud: Compliance to be a Challenge
Webinar:Legal Considerations About Cloud Computing
Handbook:2010 Webinar Catalog
White Paper:Understanding Man-in-the-Browser Attacks and Addressing the Problem
Regulation:FHFA: Issues Subpoenas for PLS Documents

Recent Blog Entries

Be Mindful of Insider Fraud Against Seniors

California's Financial Abuse Reporting Act, SB 1018, which r…

Read The Agency Insider by Linda McGlasson

Vendor Solutions

SecurIT

Solutions For:

Access Control, Identity Management, Security Monitoring
Tripwire

Solutions For:

Audit, Network Security, Security Configuration Management

Marketplace

Information Security Media Group - Family of Websites

Banking

BankInfoSecurity.com
Careers
Blogs

Credit Unions

CUInfoSecurity.com
Careers
Blogs

Government

GovInfoSecurity.com
Careers
Blogs

Healthcare

HealthcareInfoSecurity.com
Careers
Blogs

About Us
Contact Us
Site Map
Terms of Service
Advertise
RSS

BankInfoSecurity NewsGet the RSS Feed
Agency ReleasesGet the RSS Feed
Latest ArticlesGet the RSS Feed
WebinarsGet the RSS Feed
BankInfoSecurity.com BlogGet the RSS Feed

Home
Training
Resources
Content Library
- Agency Releases
- Articles
- Handbooks
- Podcasts
- Surveys
- Webinars | Calendar
- White Papers
Careers
Blog

Advanced Search

Browse Topics

Agencies

Federal Deposit Insurance Corp
Federal Reserve Board
Federal Trade Commission
FFIEC
FHFA
FinCEN
Government Accountability Office
National Credit Union Admin.
NIST
Office Comptroller of Currency
Office of Thrift Supervision

Anti-Money Laundering

Banking Today

Confidence In Banking

Business Continuity & Disaster Recovery

Pandemic Preparation

Compliance

Bank Secrecy Act
Basel II
CA Bill 1386
E-SIGN Act
FACTA
Gramm-Leach-Bliley Act
Guidance
Identity Theft Red Flags Rule
NCUA Part 748
Patriot Act
PCI DSS
Sarbanes-Oxley Act

Emerging Technology

Application Security
Authentication
Cloud Computing
Data Loss
Encryption
GRC
ID Access & Management
Messaging
Mobile Banking
Network/Perimeter
Remote Capture
SIM/SEM
Social Media
Storage
Web Security

Fraud

ACH
ATM
Check
Debit, Credit, Prepaid Cards
First Party
Insider
Mortgage
Payments
Wire

Governance & Standards

BITS
Cobit
COSO
FFIEC Handbook
ISO
ITGI
ITIL
PCAOB

Identity Theft

Pharming
Phishing
Skimming

Leadership & Management

Physical Security

Biometrics