Simply Security - News, Views, and Opinions from Trend Micro

Posted on January 10th, 2012 in Current News, Privacy & Policy by Simply Security | Be the first to comment | Tags: Compliance & Regulations

A U.S. district judge dismissed nine out of 10 claims against Heartland Payment Systems.

A U.S. district court last week dismissed nine cases brought against Heartland Payment Systems for its role in a massive 2007-2008 data breach, leaving the debit and credit card processing firm to face just one claim.

Nine financial institutions filed a class-action lawsuit against the New Jersey-based Heartland in 2009, claiming the payment processor had acted negligently and violated its contractual obligations and consumer protection laws when three hackers infiltrated its computers and stole 130 million credit and debit card numbers.

However, according to Computerworld and others, Lee Rosenthal of U.S. District Court for the Southern District of Texas has dismissed all but one of the 10 charges, asserting that the banks had misstated their claims against Heartland. The processor, Rosenthal said, was not contractually obligated to the banks to the extent that they claimed and, therefore, had not breached any contract.

In his 62-page ruling, Rosenthal left open the option for the banks to file amended complaints regarding the breach of contract. He did close the door on claims of negligence, stating that the laws the banks accused Heartland of violating did not allow tort for damages in instances that involved no property or physical injury, Computerworld noted.

The only claim that he let stand was one filed by a bank that stated Heartland had violated the Florida Deceptive and Unfair Trade Practices Act. However, according to Courthouse News, Heartland has asserted that the act does not apply to banks, but only consumers.

Computerworld reported that Heartland had reached a settlement of $4 million for another case filed by consumers. As part of the settlement, Heartland paid $175 to consumers to cover out-of-pocket expenses related to telephone and postage.

Heartland’s case demonstrates the importance of strict data security practices throughout a company. Beyond the monetary damage stemming from court settlements and legal fees, Heartland has suffered a significant blow to its reputation as a result of the breach. According to reports, this breach is the largest to date involving payment cards.

Though data breaches are often difficult to avoid, they can have an impact on consumer confidence, as people are more willing to blame the company than the hackers. In order to mitigate such reactions, it is important that an organization prioritizes data protection measures and responds swiftly and appropriately should a breach occur.

Data Security News from SimplySecurity.com by Trend Micro