Lawsuit against Heartland updated

In the wake of the disclosure of the massive data breach at Heartland Payment Systems, masterminded by Albert Gonzalez, no one was surprised when Heartland was sued. A class action suit was amended last month.

The complaint notes comments by CEO Robert Carr to analysts as early as November 2008. According to the complaint, Carr said he recognized "the need to move beyond the lowest common denominator of data security, currently the PCI DSS standards. We believe it is imperative to move to a higher standard for processing secure transactions."  

To plaintiffs, this confirms that the company knew it was offering substandard security. Also at issue is PCI-DSS compliance itself. In March 2009, Heartland was removed from Visa's list of compliant firms. It was added back to the list in May, according to Bank Info Security. All this is very unfortunate. We can only take solace in the fact that the episode seemed to prompt the industry to act on end-to-end encryption and other issues.

For more:
- here's a copy of the complaint
- here's an article from Bank Info Security
