RSS Alerts

Related Stories

  • Like Falling Off a Log
    System logs haven’t really changed since the days of the IBM 360, but the need to manage them effectively for security purposes certainly has. Danny Bradbury finds out why log management is so important – and why we aren’t doing it properly
    Members' Content
  • A Breach too Far
    How much do data breaches really damage organizations financially – and why don’t we want to hear about it? Danny Bradbury investigates
    Members' Content
  • The PCI Paradox - why PCI DSS isn't preventing data breaches
    PCI DSS has been criticized as being both too prescriptive and too vague. The standard’s effectiveness has come under scrutiny once again as PCI compliant organizations have suffered huge data breaches in recent times. Danny Bradbury looks at the standard to find the root of the problem
  • Heartland takes US$12.6m hit for breach
    Heartland Payment Systems has revealed that it lost US$12.6m as a result of its 2008 data breach, in the same week that it finally regained official Payment Card Industry Data Security standard (PCI DSS) compliance.
  • Heartland Discovers Card Heist
    Payment processing company Heartland Payment Systems was red-faced last week after the disclosure of a data breach that took place in 2008.

News

Heartland breach generates storm of lawsuits

05 March 2009

Embarrassment over the massive data breach suffered by Heartland Payment Systems has turned out to be only the start of the firm's problems. The company, which announced the potential compromise of an as-yet undisclosed number of card records, is now on the receiving end of lawsuits from at least eight banks and credit unions.

Chimicles and Tikellis is one attorney that has filed suit against the company, on behalf of Amalgamated Bank, Matadors Community Credit Union, GECU, MidFlorida Federal Credit Union, and Farmers State Bank. The companies are claiming expenses to cover the cost of reissuing bank cards, along with reputational damage.

"The complaint raises claims for common law negligence, breach of contracts to which plaintiffs and class members were intended third party beneficiaries, breach of implied contract, violations of the New Jersey Consumer Fraud Act, negligence per se, and negligent misrepresentation," said the legal firm in a statement.

Other firms filing suit include Sohmer & Stark LLC, and Lone Summit Bank.

The card payment processor has still not admitted how many credit card records may have been compromised in the breach, which it discovered after credit card companies tipped it off. The breach occurred following the installation of malicious software onto its systems. It has expressed concern that card numbers, expiration dates and other data from the card’s magnetic stripe may have been exposed. In some limited cases, cardholder name information may also have been compromised.

"The investigation by forensic auditors is still underway, and we simply do not have that information. The media reports of numbers of potentially compromised accounts have been speculative," it said in a statement.

At the time of writing, the latest press release on the breaches from the payment processing company was dated 27 January and was more than a month old. It stated that the firm had begun working on end-to-end encryption systems to mitigate further risk.

 

This article is featured in:
Data Loss Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water