BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Hacked Credit Processor Won't Face Most Claims

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 15 Dec 2011 01:38:12 -0500
http://www.courthousenews.com/2011/12/07/42036.htm

HOUSTON (CN) - A debit and credit card processor will face just one
claim from financial institutions suing over a massive security breach
that affected millions of consumers, a federal judge ruled, dismissing
nine other counts against Heartland Payment Systems.

     Three hackers infiltrated Heartland's computers in December 2007
and stole 130 million debit and credit card numbers. Heartland was one
of five companies that suffered such breaches from the trio of
hackers, according to a 2009 indictment filed in the District of New
Jersey.

     The theft led numerous parties to complain of Heartland's failure
to adhere to industry security standards in providing payment-card
processing services. The civil complaints that followed were
consolidated in the Southern District of Texas and divided into two
tracks of litigation: consumer complaints and financial institution
complaints.

     U.S. District Judge Lee Rosenthal dismissed all but one of the 10
causes of action from the master complaint filed as a class action by
nine banks. Those banks had issued credit to consumers affected by the
computer-system breach.

     Rosenthal granted the banks leave to amend the dismissed claims
for breach of contract, breach of implied contract, express
misrepresentation, negligent misrepresentation based on nondisclosure,
and violations of the California Unfair Competition Law, the Colorado
Consumer Protection Act, the Illinois Consumer Fraud and Deceptive
Business Practices Act and the Texas Deceptive Trade
Practices-Consumer Protection Act.

     Heartland failed only in its bid to dismiss the claim that it
violated the Florida Deceptive and Unfair Trade Practices Act. The
processor had argued that the act applies only to consumers, not
banks, but the Florida Legislature substituted "person" for "consumer"
when it amended the act in 2001.

     Rosenthal disagreed last week, though he admitted, "The question
is a close one."

     One of the hackers, an American named Albert Gonzalez, is serving
20 years in prison after pleading guilty to two charges for the
Heartland breach and related crimes. Upon his release, the seasoned
hacker is prohibited from using a computer. The original indictment
said Gonzalez worked with two hackers who "resided in or near Russia."
In a related case against Gonzalez, the hacker was indicted along with
Maksym Yastremskiy, of Kharkov, Ukraine, and Aleksandr Suvorov, of
Sillamae, Estonia.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/
Previous By Date Next
Previous By Thread Next

Current thread: