Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Seven CUs, Banks Appeal Heartland Breach Lawsuit Dismissal
NEW ORLEANS (2/25/13)--Seven credit unions and banks have asked a federal appellate court in New Orleans to reverse the dismissal by a lower court of their  lawsuit against Heartland Payment Systems Inc. over losses from a data breach at the payments processor in 2008.

The motion was filed Feb. 8 in the U.S. Court of Appeals for the Fifth Circuit  by four credit unions--Sea Board FCU, Bucksport, Maine; O Bee CU, Tumwater, Wash.; PBC CU, West Palm Beach, Fla., and Pennsylvania State Employees CU, Harrisburg, Pa.--and three banks--Lone Star National Bank, Amalgamated Bank and First Bankers Trust Co.

The lower court, the U.S. District Court for the Southern District of Texas in Houston, had dismissed the case, saying that the financial institutions were not protected as "third-party beneficiaries" in contracts between Heartland and its two acquiring banks; were not protected under the contracts between Heartland and the major card brands, such as Visa, MasterCard and Discover; and were not consumers who could claim misrepresentation or negligence under various state consumer protection laws (News Now Dec. 15, 2011).

The motion to dismiss makes three arguments:

  • Heartland owed the issuing banks a duty to take reasonable measures to avoid the risk of a foreseeable intrusion into its computer network and theft of the confidential payment card data,  and New Jersey law applies to appellants' negligence claim.
  • The complaint satisfies applicable pleading standards by noting specific facts, including: a Visa executive's statement that the breach would not have occurred if Heartland had been vigilant in maintaining its compliance with applicable security standards; a statement by Heartland' s president that it could have done more to prevent the breach; the removal of Heartland from Visa's Payment Card Industry Data Security Standard-compliant entities;  and fines assessed by MasterCard for not taking appropriate security measures.
  • None of the financial institutions are collaterally estopped from pursuing their negligence claims against Heartland because their claim is for Heartland's failure to adequately monitor its own security systems.
Heartland 's data breach--one of the largest ever recorded--compromised roughly 130 million credit and debit card accounts, including thousands of credit union member accounts. More than 560 financial institutions, including at least 178 credit unions, reissued credit and debit cards as a result of the breach.

Both consumers and financial institutions filed lawsuits. Financial institutions' suits were consolidated into a single case while consumers' lawsuits were consolidated into a separate case. Heartland reached several settlements with Visa, MasterCard and Discover, which also had sued on behalf of their financial institution clients.


RSS print
News Now LiveWire
September is National Preparedness Month. Read how your CU can get ready in #NewsNow #NPM @AgilityRecovery @Readygov
4 hours ago
Bay Area #creditunions featured in @SFBusinessTimes article http://t.co/SE7W81Ulia
6 hours ago
#NewsNow: 8 CU advisory board, new senior leaders named at @CFPB. http://t.co/EPKgHEDRRN
8 hours ago
#NewsNow: @FTC warns of government impostor scams. http://t.co/MMWBOcrqwJ
8 hours ago
Registration open for @CUNAMutualGroup's Discovery Conference #NewNow http://t.co/CATF0j9ct1
9 hours ago