Bank Info Security, which has been covering the Heartland Breach better than most any other site I have found is now reporting that a class action lawsuit has been filed against the company on behalf of the banking institutions. Saw this coming from a mile away...(see: Banks Not HPY with Heartland) This is just the beginning folks. If I owned shares in Heartland, I wouldn't be HPY.
One lawsuit,the Lone Star National Bank is asking for $50 million in damages. Damages will most likely be trebled. This has got to be giving Heartland a bad ticker...speaking of which I haven't had an opportunity to check their stock price yet today...hold on..let me grab it for you...
In the meantime, you can click on the graphic to enlarge if you can't read it...
Here ya go..it's a little off from it's 52 week high...yes? Heartland says it will meritoriously defend itself against any lawsuit, which I take to mean that it will file a counter-suit against the brands (V/MC) claiming the breach was their fault because they don't provide end-to-end encryption.
IMHO, if Visa and MasterCard would simply take the reduced Interchange Fees hit and get rid of (completely eliminate) signature debit...and completely replace it with the more secure PIN Debit debit platform, this dog wouldn't be barking.
Here's the report from Bank Info Security:
Heartland Data Breach: Class Action Suit Filed on Behalf of Banking Institutions
Complaint Seeks to Recover Costs, Damages from Fraud
One month after the Heartland Payment Systems (HPY)data breach was revealed, a Philadelphia law firm filed a class actionlawsuit against the processor on behalf of two banks and three creditunions. The complaint was filed by Chimicles & Tikellis in U.S. District Court in Trenton, NJ on February 20. (Click the graphic below to enlarge and read the treble damages request)
The five institutions named in the complaint are AmalgamatedBank, New York, NY; Matadors Community Credit Union, Chatsworth, CA;GECU, El Paso, TX; MidFlorida Federal Credit Union, Lakeland, FL ;andFarmers State Bank, Marcus, IA. All the institutions say they have hadto re-issue "substantial" numbers of credit and debit cards because ofthe Heartland breach.
Joseph Sauder, the (soon to rich) attorney leading the case, says while onlyfive institutions were named in the complaint, "We talked with numerousbanks. These five were the ones we selected to present in thecomplaint."
Although no one has estimated officially how many institutions, cards and consumers might be affected by the breach, more than 500 institutions have stepped forward to tell Information Security Media Group that they have been impacted.
Chimicles & Tikellis also has a consumer class action lawsuit filed against Heartland, filed in the same U.S. District Court in Trenton on January 27.
Seeking to Recover Costs
In the new class action suit, Sauder says the institutions "seekto recover money for the cost of reissuing cards and also for thefraudulent activity that banks and credit unions are ultimatelyresponsible for as a result of this breach, among other things."
Heartland announced on January 20 that its computer systems hadbeen breached by outside hackers sometime in 2008. The processorhandled on average 100 million transactions per month for about 175,000merchants and retail establishments. Heartland only became aware of thebreach after it was notified by Visa and MasterCard of "patterns offraudulent credit card activity," the lawsuit states.
The breach compromised information including debit and creditcard numbers, expiration dates and internal bank codes. Many of theinstitutions that had cards compromised in the breach were forced tore-issue new credit and debit cards to their customers. "Given thelarge size of the data breach, the expenses associated with doing soare substantial," the complaint says, "and include costs for purchasingnew plastic debit and credit cards, postage and other mailing expenses,time spent by employees address this issue and harm to reputation andgoodwill."|
Many institutions have also reported incidents of fraud, thecomplaint states. It says Heartland's actions "constitute violations ofthe consumer protection statute of New Jersey," and amounts to a breachof implied contract, negligence, negligent misrepresentation, andcommon law negligence.
Sauder says he cannot estimate how soon the case may begin orhow long it may last. "It's hard to tell at this time, since the casewas just filed, as to what Heartland's position is going to be," hesays. He adds that more institutions are expected to join the classaction suit.
Other Suits
There are at least three consumer class action lawsuitsfiled against Heartland and three other lawsuits filed in other courtsby institutions seeking to recoup their losses and expenses related tothe breach:
The lawsuits against Heartland aren't the only issues the paymentsprocessor is confronting. During a conference call reportingHeartland's 2008 fourth quarter earnings on February 24, HeartlandPresident and CFO Bob Baldwin said, "Today, we have had severallawsuits filed against us and we expect that additional lawsuits willbe filed. We are also the subject to several governmentalinvestigations and enquiry, including an informal enquiry by the SECand a related investigation by the Department of Justice, an inquiry bythe OCC, and an inquiry by the FTC, and we may, in the future, besubject to other governmental enquiries and investigation."
The five institutions named in the complaint are AmalgamatedBank, New York, NY; Matadors Community Credit Union, Chatsworth, CA;GECU, El Paso, TX; MidFlorida Federal Credit Union, Lakeland, FL ;andFarmers State Bank, Marcus, IA. All the institutions say they have hadto re-issue "substantial" numbers of credit and debit cards because ofthe Heartland breach. Joseph Sauder, the (soon to rich) attorney leading the case, says while onlyfive institutions were named in the complaint, "We talked with numerousbanks. These five were the ones we selected to present in thecomplaint."
Although no one has estimated officially how many institutions, cards and consumers might be affected by the breach, more than 500 institutions have stepped forward to tell Information Security Media Group that they have been impacted.
Chimicles & Tikellis also has a consumer class action lawsuit filed against Heartland, filed in the same U.S. District Court in Trenton on January 27.
Seeking to Recover Costs
In the new class action suit, Sauder says the institutions "seekto recover money for the cost of reissuing cards and also for thefraudulent activity that banks and credit unions are ultimatelyresponsible for as a result of this breach, among other things."
Heartland announced on January 20 that its computer systems hadbeen breached by outside hackers sometime in 2008. The processorhandled on average 100 million transactions per month for about 175,000merchants and retail establishments. Heartland only became aware of thebreach after it was notified by Visa and MasterCard of "patterns offraudulent credit card activity," the lawsuit states.
The breach compromised information including debit and creditcard numbers, expiration dates and internal bank codes. Many of theinstitutions that had cards compromised in the breach were forced tore-issue new credit and debit cards to their customers. "Given thelarge size of the data breach, the expenses associated with doing soare substantial," the complaint says, "and include costs for purchasingnew plastic debit and credit cards, postage and other mailing expenses,time spent by employees address this issue and harm to reputation andgoodwill."|
Many institutions have also reported incidents of fraud, thecomplaint states. It says Heartland's actions "constitute violations ofthe consumer protection statute of New Jersey," and amounts to a breachof implied contract, negligence, negligent misrepresentation, andcommon law negligence.
Sauder says he cannot estimate how soon the case may begin orhow long it may last. "It's hard to tell at this time, since the casewas just filed, as to what Heartland's position is going to be," hesays. He adds that more institutions are expected to join the classaction suit.
Other Suits
There are at least three consumer class action lawsuitsfiled against Heartland and three other lawsuits filed in other courtsby institutions seeking to recoup their losses and expenses related tothe breach:
- The Lone Star National Bank, Pharr, TX has filed a lawsuit seeking $50 million in damages against Heartland. The Lone Star case was filed in Texas Southern District Court on February 16.
- TriCentury Bank, Simpson, KS filed a lawsuit in New Jersey District Court on February 13 seeking a judgment against the payments processor for breach of contract.
- Lone Summit Bank, Lake Lotawana, MO filed a lawsuit in the Fraud or Truth-In-Lending office of the New Jersey District Court on February 6.
The lawsuits against Heartland aren't the only issues the paymentsprocessor is confronting. During a conference call reportingHeartland's 2008 fourth quarter earnings on February 24, HeartlandPresident and CFO Bob Baldwin said, "Today, we have had severallawsuits filed against us and we expect that additional lawsuits willbe filed. We are also the subject to several governmentalinvestigations and enquiry, including an informal enquiry by the SECand a related investigation by the Department of Justice, an inquiry bythe OCC, and an inquiry by the FTC, and we may, in the future, besubject to other governmental enquiries and investigation."
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uO2A25-KEpMqI-FVZ3bpNUKJrC1zzG4Im__3cuPt8V2V-FuApatSpwuT4jLaZoJuxiDBSiE11Io0Oo3X9-KHR5ZkqHoE6aYghyBLT8TvEubpIPoQXmPEDFX4dqy75ZS13dWcRhESTDdCDipqdl_di3=s0-d)
