Wednesday , December 11, 2024

Settlements Still Leave Many Post-Breach Legal Woes for Heartland

With two settlements announced in less than a week, merchant acquirer Heartland Payment Systems Inc. is putting some of the legal repercussions of its huge data breach behind it as 2009 draws to a close. But most of the legal troubles Heartland faces in the wake of the breach it announced last January still await resolution. The two recent settlements were the first related to the breach that may have compromised as many as 130 million payment cards (Digital Transactions News, Aug. 18). On Monday, Heartland announced it had agreed to settle the consumer lawsuits arising from the data breach for between $1 million and $2.4 million. That agreement followed Heartland's announcement on Dec. 17 that it would settle potential claims and disputes from American Express Co. and its card-issuer partners for $3.54 million. Heartland wouldn't comment on the settlements beyond its press releases. But according to its third-quarter report, Princeton, N.J.-based Heartland gets 95% of its revenues from Visa and MasterCard transactions, which means that the AmEx settlement likely represents a much smaller expense than potential future claims involving the bank card networks and their issuers. Many issuers replaced cards in the wake of the breach either because of confirmed fraud on compromised accounts or to avoid fraud even though none had been reported. Issuers cover their cardholders for breach-related fraud on their accounts, although consumers do bear the expense of the time and effort to restore their credit or bank accounts and clean up their credit reports. The effect, however, is to limit the exposure breached entities have from claims by consumers. In June, a federal judicial panel appointed the U.S. District Court in Houston to oversee consolidated pre-trial proceedings of 17 separate consumer-related files filed against Heartland. Heartland created an $82.9 million settlement reserve in September. As of Sept. 30, the company had recorded $105.3 million in pre-tax breach-related expenses. Most of the charges were for Visa and MasterCard fines and settlement expenses. In settling the consumer lawsuits, Heartland also said it would pay various administrative costs, including up to $1.5 million for notifications and up to $760,000 to the plaintiffs' attorneys. The settlement is subject to court approval. In a research report on Monday, investment bank Goldman Sachs & Co. called the AmEx and consumer settlements encouraging, but said “heavy lifting remains” for Heartland. That's because the company still faces claims from Visa Inc., MasterCard Inc., and Discover Financial Services; card issuers, and so-called derivative shareholders. In the wake of the big TJX Cos. data breach, both Visa and MasterCard negotiated settlements with TJX to reimburse issuers for their reissuance costs. Some 10 banks and credit unions have sued Heartland so far, according to the quarterly report. Meanwhile, a court dismissed a shareholder class action last month, but Goldman Sachs says the plaintiffs could appeal. A number of government agencies are investigating the breach or have at least contacted Heartland for information. They include the Securities and Exchange Commission, the Federal Financial Institutions Examination Council (the consortium of federal bank regulators), the Federal Trade Commission, the U.S. attorney in New Jersey, various state attorneys general, and the Canadian Privacy Commission.

Check Also

SurgePays Partners With Clover to Ease Marketing at the Point of Sale

SurgePays Inc. is integrating its ClearLine marketing platform with Fiserv Inc.’s Clover point-of-sale technology set. …

Digital Transactions