Re: follow-up: Heartland data breach triggers class actionsuit

["Sasha Romanosky" <sromanos () andrew cmu edu>]

We've all heard the problems consumers face when looking to sue firms for a
breach, and I'm continually impressed by the creative ways lawyers seek to
bring action. For instance, I came across the following: 

"In Pinero v. Jackson Hewitt Tax Service, Inc., No. 08-3535 (E.D.La. Jan. 7,
2009), a federal district court allowed a consumer whose tax returns were
discarded in an unsecured dumpster to proceed with a class action despite no
evidence of identity theft or economic loss. The court dismissed the usual
collection of post-data breach claims based on negligence, contract, and the
state's data breach notification statute, but granted the plaintiff leave to
amend her fraudulent inducement and state unfair trade practices claims. The
court also denied the defendants' motion to dismiss the plaintiff's invasion
of privacy claim....

[fraudulent inducement] may now allow plaintiffs to recover substantial
post-breach damages based on the defendant's representations regarding data
security procedures and language in the defendant's privacy policy. If those
representations induced the plaintiffs into using the defendants' services
and were misleading, defendants could be liable for substantial post-breach
damages."
http://www.lexology.com/library/detail.aspx?g=fc348d3f-52e6-4aef-8099-a34611
af27e1


But as I understand from a colleague, a) it's not clear what damages one
would actually try and claim, and b) the burden would still be on the
plaintiff to show that they relied on whatever privacy policy, and wouldn't
have done business with them absent that policy.


I recognize that the class action below refers to investors (not potential
idtheft victims), but again, still impressed at all the ways people try and
sue. ;)


cheers,
sasha



> -----Original Message-----
> From: dataloss-bounces () datalossdb org 
> [mailto:dataloss-bounces () datalossdb org] On Behalf Of 
> security curmudgeon
> Sent: Wednesday, March 18, 2009 4:04 AM
> To: dataloss () datalossdb org
> Subject: [Dataloss] follow-up: Heartland data breach triggers 
> class actionsuit
>
>
>
> ---------- Forwarded message ----------
> From: InfoSec News <alerts () infosecnews org>
>
> http://www.computerweekly.com/Articles/2009/03/17/235295/heart
> land-data-breach-triggers-class-action-suit.htm
>
> [Heartland Payment Systems trades as: NYSE:HPY  -  WK]
>
> By Warwick Ashford
> ComputerWeekly.com
> 17 Mar 2009
>
> Heartland Payment Systems faces a class action lawsuit from 
> investors who claim they lost money following a breach of its 
> debit and credit card processing systems in 2008.
>
> The company revealed on 20 January that its systems had been 
> compromised by hackers, exposing card account numbers, expiry 
> dates and data from the card's magnetic stripe.
>
> Heartland said in a small number of cases cardholder names 
> were also potentially at risk, but no personal identification 
> numbers had been exposed.
>
> An investor has filed a proposed class action in the US 
> district court of New Jersey on behalf of all other investors 
> in Heartland between August
> 2008 and February 2009.
>
> The complaint alleges that Heartland issued false or 
> misleading statements and failed to disclose material adverse 
> facts about its business, operations and prospects during that period.
>
> Heartland's shares during that period also declined from 
> $21.84 per share, or approximately 80%, from its high of 
> $27.19 per share in September 2008.
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss () datalossdb org)
>
> CREDANT Technologies, a leader in data security, offers 
> advanced data encryption solutions.
> Protect sensitive data on desktops, laptops, smartphones and 
> USB sticks transparently across your enterprise to ensure 
> regulatory compliance.
> http://www.credant.com/stopdataloss

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss