Heartland lawsuit plaintiffs go after acquiring banks’ deep pockets

Thursday, January 21, 2010

The $60 million settlement offer announced by Visa and Heartland Payment Systems seems in jeopardy of falling apart as lawyers for some of the banks file a new lawsuit against Heartland’s acquiring banks and urge rejection of the settlement offer.

Jaikumar Vijayan follows-up on the press release issued yesterday by lawyers for financial institutions suing Heartland Payment Systems over the massive breach revealed in January 2009. Although Visa and Heartland announced a proposed $60 million settlement earlier this month, lead counsel for the plaintiffs says that card issuers should be hesitant about accepting the offer as it provides only “pennies on the dollar” even though KeyBank and Heartland Bank have “deep pockets” and could afford to be part of a better settlement offer for the card issuers:

The costs that banks incurred to replace each of those cards and costs stemming from fraudulent transactions far exceed the $60 million being offered by Heartland, said Cadell who is a partner at Caddell y& Chapman, a Houston-based law firm. The amount is even less than Visa’s own internal estimates which pegs financial damages to banks as a result of the breach at $140 million, Caddell said.

Visa started sending out settlement offers to individual banks and credit unions last week, Caddell said. Based on information from clients the offers appear to be ranging anywhere from around 1% of the actual damages incurred up to around 30%, he said.


Though Heartland has downplayed its ability to pay more money, its acquiring banks Key Bank has $97 billion of assets and Heartland Bank has over $1 billion of assets, he said. An acquiring bank is a bank that authorizes and accepts card transactions on behalf of a merchant or processor. In response to the proposed settlement offer, a lawsuit has been filed in Houston federal court seeking to hold KeyBank and Heartland Bank liable for damages caused by the Heartland data breach.

Read more on BankInfoSecurity.com

Over on BankInfoSecurity.com, Linda McGlasson writes more about the banks’ latest lawsuit against Heartland:

Five financial institutions have filed a class action suit alleging that two acquiring banks, Heartland Bank and Key Bank, should be included as defendants and share responsibility for damages caused by the Heartland Payment Systems data breach.

Lone Star National Bank, PBC Credit Union, O Bee Credit Union, Seaboard Federal Credit Union and Pennsylvania State Employees Credit Union filed the class action complaint in the U.S. Southern District Court in Houston, TX on Tuesday. Heartland Bank is based in St. Louis, MO, and Key Bank is based in Cleveland, OH.

Read more on BankInfoSecurity.com.

Original Source: http://www.databreaches.net/?p=9546
Possibly Related Articles:
PCI DSS Breaches
General Legal
Legal Heartland
Post Rating I Like this!
Anthony M. Freed The breach at Heartland and it's subsequent - and still as yet determined - impact on Keybank illustrates one of the key factors the drew me from the finance world into information security:

Investors and other stakeholders have little to no idea how infosec risk affects share price and corporate viability, especially through third-party liabilities.

To top that off, the legal community is just getting warmed up concerning SEC and SarbOx violations and their relationship to information security practices, particularly where it relates to disclosure of material information to shareholders.

Of note: I wrote about Heartland CEO Bob Carr's stock trades during the reported breach period one month before the SEC announced an investigation for insider trading.

My articles were subsequently cited in the investor class action suit brought against Heartland and it's leadership and later dismissed:


Reference items 117-119 under "Scienter Evidence" for details.