A team of lawyers from Pennsylvania have filed a class-action lawsuit against Heartland Payment Systems over the payment processor's potentially record-setting data breach.
Heartland is being sued for its actions both before and since it disclosed last week that organised criminals raided its systems of credit and debit card numbers that potentially belonged to millions of consumers, Benjamin Johns, a lawyer with the Haverford, Pa.-based firm of Chimicles & Tikellis, told SCMagazineUS.com.
The suit was filed in federal court in Trenton, N.J. on behalf of Minnesota resident Alicia Cooper and others who may have been similarly victimised, Johns said. Cooper was sent a letter by her bank that her debit card number was stolen in the breach. 
The complaint alleges that the Princeton, N.J.-based processor only learned of the breach in October after being notified by Visa and MasterCard of suspicious card transactions and then took some three months to isolate the malicious activity.
And when it reported the incident, Heartland made "materially misleading statements and omissions," which included failing to note which retailers and how many consumers were affected, in addition to not providing credit monitoring protection for customers.
"They really downplayed the effect of the breach and the consequences it reaps on consumers," said Matthew Schelkopf, another attorney involved in the case.
The lawsuit seeks compensation for victims and assurance that Heartland has corrected its security shortfalls.
A Heartland spokesman told SCMagazineUS.com that the company does not comment on pending litigation.
Meanwhile, this week, Heartland's Chairman and CEO, Robert Carr, said the company is embarking on an aggressive project to deploy end-to-end encryption across its systems. 
"There is no single silver bullet that will secure payment systems, and
constant vigilance and monitoring of the infrastructure will always be
required," he said. "Nevertheless, I believe the development and
deployment of end-to-end encryption will provide us the ability to
implement increasing levels of security protection as they become
needed."
The breach happened when the hackers were able to embed data-sniffing malware onto an unencrypted segment of Heartland's private network -- controls over which are not mandated under the Payment Card Industry Data Security Standard (PCI DSS)
Gretchen Hellman, vice president of security solutions at encryption provider Vormetric, said organisations should scramble their data "wherever they can" to prevent large-scale breaches. But they also must apply other technologies based on their individual environments.
"PCI DSS is a good guideline and checklist for basic controls that an organisation needs to have but to truly secure your information, you need to look at your unique systems, processes and risks," Hellman told SCMagazineUS.com.
See original article on scmagazineus.com
Heartland sued as payment processor seeks to encrypt more
A team of lawyers from Pennsylvania have filed a class-action lawsuit against Heartland Payment Systems over the payment processor's potentially record-setting data breach.
                        Got a news tip for our journalists? Share it with us anonymously here.
                    
                    
                    
                    
                    
                    
                    
                    
                        
                    
                    
                    
                                 
                 
                               _(5).jpg&h=140&w=231&c=1&s=0) 
             
             
             
             
             
             
            .png&w=100&c=1&s=0) 
             
             iTnews Benchmark Security Awards 2025
                        iTnews Benchmark Security Awards 2025
                     Digital Leadership Day Federal
                        Digital Leadership Day Federal
                     Government Cyber Security Showcase Federal
                        Government Cyber Security Showcase Federal
                     Government Innovation Showcase Federal
                        Government Innovation Showcase Federal
                     Digital NSW 2025 Showcase
                        Digital NSW 2025 Showcase
                    



 
                         
                         
                         
                         
                 
                 
                 
                _(1).jpg&h=140&w=231&c=1&s=0) 
                 
                 
                                    
                                     
                                    
                                    