
Lawsuit against Heartland updated

In the wake of the disclosure of the massive data breach at Heartland Payment Systems--masterminded by Albert Gonzalez--no one was surprised when Heartland was sued. A class action suit was amended last month.

The complaint notes comments by CEO Robert Carr to analysts as early as November 2008. According to the complaint, Carr said he recognized "the need to move beyond the lowest common denominator of data security, currently the PCI DSS standards. We believe it is imperative to move to a higher standard for processing secure transactions."  

To plaintiffs, this confirms that the company knew it was offering substandard security. Also at issue is the question of PCI DSS compliance itself. In March 2009, Heartland was removed from Visa's list of compliant firms. It was added back to the list in May, according to Bank Info Security. All this is very unfortunate. We can only take solace in the fact that the episode appears to have prompted the industry to act on end-to-end encryption and other issues.

For more:
- here's a copy of the complaint
- here's an article from Bank Info Security
