Heartland data breach triggers class action suit

Heartland Payment Systems ...

Heartland Payment Systems faces a class action lawsuit from investors who claim they lost money followinga breach of its debit and credit card processing systems in 2008.

The company revealed on 20 January that its systems had been compromised by hackers, exposing card account numbers, expiry dates and data from the card's magnetic stripe.

Heartland said in a small number of cases cardholder names were also potentially at risk, but no personal identification numbers had been exposed.

An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009.

The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period.

Heartland's shares during that period also declined from $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.

Heartland is also facing sanctions from Visa over the data breach.

Visa has removed Heartland from its list of processors certified under the Payment Card Industry Data Security Standard (PCI DSS), according to the Internet Retailernews site.

Heartland says it continues to process Visa transactions as it works to restore its PCI certification, which it expects to achieve by May.

MasterCard has not taken any action against Heartland over the breach, Heartland says.

United Bank in the US has re-issued a significant number of debit cards and a moderate number of credit cards because of a security breach at Heartland.

The bank said it could not disclose exact numbers because of privacy concerns, according to the Charleston Daily Mail.

United Bank said it had received no details of customers affected by the breach from Heartland, but it has re-issued cards to all customers that appear on a list compiled by Visa.

Heartland has not disclosed the number of credit card details exposed by the intrusion, but the firm handles about 100 million transactions a month.

In light of these numbers, the Heartland data breach could far exceed the 45 million identities stolen from nine US retailers including TJX in 2007.

Get credit card processing quotes with BuyerZone.

Read more on IT legislation and regulation