BreachExchange mailing list archives
Re: follow-up: Heartland data breach triggers class actionsuit
From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Wed, 18 Mar 2009 10:16:18 -0400
We've all heard the problems consumers face when looking to sue firms for a breach, and I'm continually impressed by the creative ways lawyers seek to bring action. For instance, I came across the following: "In Pinero v. Jackson Hewitt Tax Service, Inc., No. 08-3535 (E.D.La. Jan. 7, 2009), a federal district court allowed a consumer whose tax returns were discarded in an unsecured dumpster to proceed with a class action despite no evidence of identity theft or economic loss. The court dismissed the usual collection of post-data breach claims based on negligence, contract, and the state's data breach notification statute, but granted the plaintiff leave to amend her fraudulent inducement and state unfair trade practices claims. The court also denied the defendants' motion to dismiss the plaintiff's invasion of privacy claim.... [fraudulent inducement] may now allow plaintiffs to recover substantial post-breach damages based on the defendant's representations regarding data security procedures and language in the defendant's privacy policy. If those representations induced the plaintiffs into using the defendants' services and were misleading, defendants could be liable for substantial post-breach damages." http://www.lexology.com/library/detail.aspx?g=fc348d3f-52e6-4aef-8099-a34611 af27e1 But as I understand from a colleague, a) it's not clear what damages one would actually try and claim, and b) the burden would still be on the plaintiff to show that they relied on whatever privacy policy, and wouldn't have done business with them absent that policy. I recognize that the class action below refers to investors (not potential idtheft victims), but again, still impressed at all the ways people try and sue. ;) cheers, sasha
-----Original Message----- From: dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of security curmudgeon Sent: Wednesday, March 18, 2009 4:04 AM To: dataloss () datalossdb org Subject: [Dataloss] follow-up: Heartland data breach triggers class actionsuit ---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.computerweekly.com/Articles/2009/03/17/235295/heart land-data-breach-triggers-class-action-suit.htm [Heartland Payment Systems trades as: NYSE:HPY - WK] By Warwick Ashford ComputerWeekly.com 17 Mar 2009 Heartland Payment Systems faces a class action lawsuit from investors who claim they lost money following a breach of its debit and credit card processing systems in 2008. The company revealed on 20 January that its systems had been compromised by hackers, exposing card account numbers, expiry dates and data from the card's magnetic stripe. Heartland said in a small number of cases cardholder names were also potentially at risk, but no personal identification numbers had been exposed. An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland's shares during that period also declined from $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- follow-up: Heartland data breach triggers class action suit security curmudgeon (Mar 18)
- Re: follow-up: Heartland data breach triggers class actionsuit Sasha Romanosky (Mar 18)