Computerworld - Lawyers representing financial institutions in a data breach lawsuit against Heartland Payment Systems Inc are calling a recently proposed $60 million settlement offer from the company as way too meager.
In a statement released on Wednesday, the lawyers said the proposed settlement would only pay banks and credit unions "pennies on the dollar," while releasing Heartland and other potentially liable parties from further legal action.
Princeton, NJ-based Heartland announced in January 2009 that unknown intruders had broken into its systems and stolen card data. More than 130 million credit and debit cards were believed to have been compromised in the intrusion, making it the biggest ever involving payment card data.
Hundreds of banks were affected by the breach. Many of them later sued the payment processor seeking to recover card-reissuance and fraud-related costs.
Earlier this month, Heartland and Visa announced a settlement under which Heartland said it would pay up to $60 million to compensate card issuers for breach-related costs. The proposed settlement requires card issuers to release Heartland and Visa from any additional liability.
Banks and credit unions affected by the breach have until January 29th to decide if they want to accept the terms of the settlement or not. The proposed settlement will go into effect if at least 80% of affected Visa card issuers agree to it.
In a joint statement with Heartland, a Visa executive touted the settlement offer as a way for card issues to get an "an immediate recovery" of any losses they may have incurred from the Heartland intrusion.
On Wednesday, Michael Caddell, a lawyer representing several financial institutions in a putative class-action against Heartland, called the settlement offer anything but fair to those affected by the breach. In total, more than 86 million Visa payment cards were compromised in the Heartland data breach.
The costs that banks incurred to replace each of those cards and costs stemming from fraudulent transactions far exceed the $60 million being offered by Heartland, said Cadell who is a partner at Caddell & Chapman, a Houston-based law firm. The amount is even less than Visa's own internal estimates which pegs financial damages to banks as a result of the breach at $140 million, Caddell said.
Visa started sending out settlement offers to individual banks and credit unions last week, Caddell said. Based on information from clients the offers appear to be ranging anywhere from around 1% of the actual damages incurred up to around 30%, he said.
On average the settlement amounts being offered are less than 10% of the actual damages and are being calculated based on an internal Visa operating rule, Caddell said. One Caddell client that spent over $1 million in breach-related costs has been offered just $54,000 by Visa by way of compensation, he said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
