Heartland Payment Systems, Inc. Data Security Breach Litigation
Berger Montague served on the Plaintiffs’ Steering Committee in this multi-district litigation. The case was settled in 2012.
Heartland processes credit and debit card transactions for more than 150,000 merchants nationwide. The lawsuit challenged Heartland’s protection of consumer credit and debit card information processed through its servers, which were attacked by computer hackers in 2008. Plaintiffs alleged that Heartland’s inadequate data security allowed the hackers to access and steal card information in order to commit fraud and identity theft. Plaintiffs alleged that the hackers accessed 130 million credit and debit cards in what was reportedly the largest theft of credit card information in history at the time.
Because of Heartland’s inadequate data security, cardholders had their card information compromised, were exposed to the risk of fraud, spent time to monitor their accounts and dispute fraudulent charges, and suffered other economic damages.
Under the 2012 settlement, Class members were entitled to reimbursement of out-of-pocket losses for: (i) third-party charges resulting from card cancellations or card replacements; (ii) unauthorized and unreimbursed fraud charges on credit and debit cards; (iii) identity-theft-related charges, (iv) telephone or postage costs; or (v) time spent to address any of these matters. Class members could receive up to $10,000 for identity theft charges and $175 for all other items. A fund of $2.4 million was made available for those reimbursements. As part of the settlement, Heartland also agreed to make certain improvements to its data security systems.