Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
Seven CUs, Banks Appeal Heartland Breach Lawsuit Dismissal
NEW ORLEANS (2/25/13)--Seven credit unions and banks have asked a federal appellate court in New Orleans to reverse the dismissal by a lower court of their  lawsuit against Heartland Payment Systems Inc. over losses from a data breach at the payments processor in 2008.

The motion was filed Feb. 8 in the U.S. Court of Appeals for the Fifth Circuit  by four credit unions--Sea Board FCU, Bucksport, Maine; O Bee CU, Tumwater, Wash.; PBC CU, West Palm Beach, Fla., and Pennsylvania State Employees CU, Harrisburg, Pa.--and three banks--Lone Star National Bank, Amalgamated Bank and First Bankers Trust Co.

The lower court, the U.S. District Court for the Southern District of Texas in Houston, had dismissed the case, saying that the financial institutions were not protected as "third-party beneficiaries" in contracts between Heartland and its two acquiring banks; were not protected under the contracts between Heartland and the major card brands, such as Visa, MasterCard and Discover; and were not consumers who could claim misrepresentation or negligence under various state consumer protection laws (News Now Dec. 15, 2011).

The motion to dismiss makes three arguments:

  • Heartland owed the issuing banks a duty to take reasonable measures to avoid the risk of a foreseeable intrusion into its computer network and theft of the confidential payment card data,  and New Jersey law applies to appellants' negligence claim.
  • The complaint satisfies applicable pleading standards by noting specific facts, including: a Visa executive's statement that the breach would not have occurred if Heartland had been vigilant in maintaining its compliance with applicable security standards; a statement by Heartland' s president that it could have done more to prevent the breach; the removal of Heartland from Visa's Payment Card Industry Data Security Standard-compliant entities;  and fines assessed by MasterCard for not taking appropriate security measures.
  • None of the financial institutions are collaterally estopped from pursuing their negligence claims against Heartland because their claim is for Heartland's failure to adequately monitor its own security systems.
Heartland 's data breach--one of the largest ever recorded--compromised roughly 130 million credit and debit card accounts, including thousands of credit union member accounts. More than 560 financial institutions, including at least 178 credit unions, reissued credit and debit cards as a result of the breach.

Both consumers and financial institutions filed lawsuits. Financial institutions' suits were consolidated into a single case while consumers' lawsuits were consolidated into a separate case. Heartland reached several settlements with Visa, MasterCard and Discover, which also had sued on behalf of their financial institution clients.


RSS





print
News Now LiveWire
Maine credit unions put Food Mobile on the road to relieving hunger in rural areas http://t.co/R0xpt6BAZE
7 hours ago
.@TheNCUA's Matz: PALS should be exempt from Military Lending Act proposal #NewsNow http://t.co/Vy9uNhOIEr
8 hours ago
#NewsNow Iowa loan growth 3 times national bank rate http://t.co/fUvudPLg5d
10 hours ago
.@ICBA tallies its Home Depot data breach costs: $90M, 7.5M cards http://t.co/iJgRDC2AKZ
11 hours ago
.@icul's Jury elected treasurer of @WOCCU exec committee http://t.co/HEF1UChN8f
12 hours ago