Heartland Breach: Consumer Settlement Proposed

$4 Million Deal Would Cap Individual Claims at $10K
Heartland Breach: Consumer Settlement Proposed
A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April. The proposed settlement would create a $4 million pool to pay consumers and settle the case.

The Heartland data breach impacted an estimated 130 million credit/debit cards -- the largest such incident ever reported.

In a "fairness hearing" on April 27, U.S. District Court Judge Lee Rosenthal heard from both sides of the class action suit. Several class action suits brought by consumers from around the country were collected into one case in September 2009. The case was heard in the Southern District U.S. Court in Houston, TX.

The class action suit alleged that Heartland failed to adequately protect consumers' personal financial information and violated the Fair Credit Reporting Act. It charges Heartland was negligent, and that constituted a breach of express and implied contract, violating various states' data breach notification statutes and consumer fraud and deceptive and unfair trade practices acts.

What Settlement Offers
As part of the settlement, Heartland would fund an "Actual Damages Fund" of $1 million to reimburse affected consumers. This fund would have additional funding of $1.4 million for claims.

Consumers would be limited to $175 claims for "out-of-pocket" expenses that include telephone or postage costs, other third-party charges resulting from card cancellations or replacements. In the event that a consumer had identity theft as a result of the breach, they could claim up to $10,000 from the fund.

All costs associated with notice to the settlement, including notification of the class, would be paid by Heartland, up to $1.5 million. This amount also includes the costs of claims administration. Heartland would also pay the consumers' attorneys' fees of $725,000.

The seven consumers who filed the class action suit -- Julie Barrett, Mark Hilliard, Derek Hoven, Talal Kaissi, Loretta A. Sansom, Scott Swenka, and Phillip Brown -- state in the settlement that because of the challenge and expense of continued litigation, they "believe that the proposed settlement is an excellent result for the Settlement Class."

Judge Rosenthal will set a date later for the final hearing on the settlement and will have the final word in approving the settlement.

This settlement marks the next to last case against Heartland, the only one left to be decided upon is the financial institution class action suit. A Heartland shareholder suit was dismissed in December 2009.

More Heartland News
The financial institutions' class action case against Heartland gained two more defendants, Heartland's acquiring banks Key Bank and Heartland Bank. The suit brought against the two banks was consolidated into the class action suit brought against Heartland.

The banks' lawyers had filed a motion to dismiss the suit in late March, says Richard Coffman, one of the lawyers representing the financial institutions. The banks have until mid May to file a response to the motion, he says.

Coffman says he suspects that Judge Rosenthal may rule on all of the motions in May. "It could be a distinct possibility. If I were a betting man, I'd venture that Judge Rosenthal may be waiting to get these motions and then put all on same path," Coffman says.

Only one credit card company, MasterCard, has yet to announce a settlement with Heartland. American Express settled with Heartland in December for $3.6 million, and Visa made Heartland pay $60 million in January.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.