HOUSTON, Texas (4/17/11)--A U.S. District Court in Houston, Texas, has dismissed two acquiring banks as defendants in a lawsuit brought by four credit unions and a bank related to the 2008-2009 Heartland Payment Systems' data breach. However, the court suggested that the complaint against one bank be transferred. U.S. District Judge Lee H. Rosenthal of the Southern District of Texas rendered the decision on March 31. Heartland's two acquiring banks--Heartland Bank and KeyBank N.A.--process payments for the merchants who make credit-card sales. They hired Heartland as their processor. In a credit card transaction, acquiring banks contact the card-issuer banks to clear the transaction if there is enough credit in the consumer's account. The four "issuer banks" who brought the suit are Lone Star National Bank, N.A.; PBC CU, based in West Palm Beach, Fla.; O Bee CU, based in Tumwater, Wash.; Seaboard FCU, Bucksport, Maine; and Pennsylvania State Employees CU, Harrisburg, Pa. They sued the banks for breach of contract, breach of fiduciary duty, and negligence based principally on the banks' alleged failure to monitor the security of the card processing system's database and ensure the card processor complied with the Payment Card Industry Data Security Standards. Heartland Bank, based in Clayton, Mo., and KeyBank, based in Ohio, both moved to dismiss the case for failure to state a claim on which relief can be granted. Heartland Bank also moved to dismiss for lack of personal jurisdiction in the state of Texas. The court granted Heartland's motion to dismiss on the first point, but concluded "that transfer [of the case from Texas to another court jurisdiction], not dismissal, is the appropriate remedy." Ohio-based KeyBank's motion was also granted, "with prejudice as to the negligence claim and without prejudice as to the remaining claims." The breach, which was announced by New Jersey-based Heartland Payment Systems in January 2009, is the largest data breach on record, with more than 130 million credit and debit cards compromised. As a result, many financial institutions, including credit unions, had to reissue their member/customers cards to prevent fraudulent charges. Many saw fraudulent charges on cards. Multiple lawsuits prompted by the hacking were consolidated into two tracks: one for consumers whose card numbers were accessed, and one for financial institutions that issued the cards that were compromised in the hacking. The financial institution track lawsuit involves two complaints: one against Heartland Payment Systems, and one against the two acquiring banks. A status conference on the case was scheduled for April 18.