Banks, credit unions begin to sue Heartland over data breach
Cost of notifying customers, damages sought
Computerworld - In an indication of the legal troubles that companies can find themselves in over data breaches these days, several banks and credit unions have begun suing Heartland Payment Systems Inc. over its recently disclosed data breach.
In the six weeks since the potentially massive breach was disclosed, eight banks and credit unions have filed lawsuits against Heartland over its alleged failure to take adequate measures for protecting credit and debt cardholder data.
Heartland said on Jan. 20 that unknown intruders had broken into its network sometime last year and accessed payment card data belonging to an undisclosed number of customers. The breach, thought to possibly be the biggest ever disclosed, has already affected over 500 financial institutions, including a handful in the Bahamas, Bermuda and Canada.
The lawsuits seek compensation from Heartland for the costs that the financial institutions said they've had to bear in notifying affected customers about the breach and in reissuing new payment cards. The lawsuits also claim damages from Heartland for costs of the alleged fraud that the banks claimed have resulted from the breach.
One of the lawsuits was filed by Chimicles & Tikellis LLP in Haverford, Pa., on behalf of Amalgamated Bank in New York; Matadors Community Credit Union in Chatsworth, Calif.; GECU in El Paso, Texas; MidFlorida Federal Credit Union in Lakeland, Fla.; and Farmers State Bank in Marcus, Iowa.
Filed in federal court in New Jersey, the suit charged Heartland with violating the state's consumer protection statutes and for breach of implied contract. The complaint, filed on Feb. 20, also suggested that Heartland should have been the one sending out the notifications to the affected customers, not the card-issuing banks. "Instead of actively participating in resolving the problems that were caused as a result of its negligence and other misconduct, Heartland has essentially taken a backseat and shifted this burden to plaintiffs and class members," the complaint alleged.
Joseph Sauder, a partner with Chimicles & Tikellis, said the lawsuit seeks to recover, on behalf of all affected financial institutions, "the damage they have incurred as a result of the breach. It includes the cost of reissuing the cards and fraudulent activity."
Chimicles & Tikellis is also representing a resident of Woodbury, Minn., and others similarly affected in a separate class-action lawsuit against Heartland.
Sohmer & Stark LLC in Fairfield, N.J., filed another suit on behalf of Simpson, Kansas-based TriCentury Bank and Great Southern Bank in Springfield, Mo. Its complaint alleged that Heartland had been negligent in allowing malicious code to be placed on its processing systems and networks and in properly managing the encryption of cardholder data. The lawsuit also noted Heartland's omissions in failing to implement or comply with the Payment Card Industry Data Security Standard, which is mandated by the card companies.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Exponentially Accelerate Data Protection and Recovery with Simpana 10 IntelliSnap® Snapshot Management Technology Are you making the best use of your storage array snapshot functionality? CommVault Simpana 10 IntelliSnap technology manages hardware-based snapshots across multiple vendor...
- Simpana IntelliSnap Technology Datasheet With IntelliSnap you can maximize the value of your snapshot technology while dramatically reducing management overhead and complexity.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts