Two New Suits Filed in Heartland Data Breach

Class Action Lawsuits Say Processor Failed to Safeguard Cardholder Data
Two New Suits Filed in Heartland Data Breach
Two Philadelphia law firms have filed class action suits on behalf of all cardholders in the U.S. who had their credit or debit card data stolen in the Heartland Payment System (HPY) data breach. This brings to three the total number of class action lawsuits filed against the Princeton, NJ-based payments processor. Heartland Payment Systems data breach coverage

The law firm of Berger & Montague filed a class action suit in the U.S. District Court for the District of New Jersey, alleging Heartland's failure to safeguard cardholder data when the company's computer systems were hacked and cardholder data was stolen. Heartland says last year it processed 100 million card transactions per month, but an unknown number of cards were impacted by the breach. The law firm says fraudulent activity has occurred on some of those cards.

The law firm alleges that Heartland's security measures and intrusion detection systems were inadequate. "Because of Heartland's inadequate data security, cardholders have had their card information compromised, have been exposed to the risk of fraud, have spent and will spend time to monitor their accounts and dispute fraudulent charges, and have suffered other economic damages," the law firm says in its statement regarding the suit.

Berger & Montague were also co-lead counsel in the consumer class action suit brought against TJX Companies, which resulted in a $200 million settlement.

The third class action lawsuit filed in February against Heartland comes from Sheller P.C. of Philadelphia, PA. Sheller's suit against Heartland has similar charges against the payment processor. Sheller P.C. also filed its class action lawsuit in the U.S. District Court for the District of New Jersey.

Sheller P.C. has also filed a consumer class action suit against RBS WorldPay for its security breach that was made public on Dec. 23, 2008.

Previously, Chimicles & Tilellis LLP of Haverford, PA filed suit in the U.S. District Court for the District of New Jersey on behalf of Woodbury, MN resident Alicia Cooper, asserting that Heartland "made unreasonably belated and inaccurate statements concerning the breach."

The announcement of these two additional suits being filed on behalf of consumers will only continue to drive talk of a potential class action suit on behalf of the financial institutions that have also faced considerable cost because of the Heartland data breach. To date, there are more than 330 financial institutions that have come forward to say their customers' cards were compromised because of the breach. Some have closed the credit and debit cards of customers because of fraud, and reissued customer cards.

In the aftermath of the TJX data breach, where more than 90 million cards were compromised, a group of banks in the Northeast filed a class action suit to recoup the losses that the banks faced when reissuing thousands of cards.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network