Videos/Images

CSO Security and Risk reports a U.S. district court in Texas has dismissed all but one of the claims brought by several banks against Heartland Payment Systems over the massive data breach the payment processor disclosed in January 2009. Judge Lee Rosenthal of the U.S. District Court for the Southern District of Texas ruled that the banks had basically failed to state proper claims for seeking damages from Heartland. A total of nine banks filed suit against Heartland, claiming it had acted negligently, violated consumer protection laws in multiple states and breached its contractual obligations to the financial institutions. In his ruling, Rosenthal dismissed the negligence claims and the contractual obligation claims. Rosenthal did, however, leave room for the banks to file an amended breach-of-contract complaint in future if they chose to. He also let stand a claim the banks had filed under the Florida Deceptive and Unfair Trade Practices Act. Heartland in 2009 disclosed that unknown hackers had broken into its networks and improperly accessed data on close to 130 million credit and debit cards over a period of several months. The breach, which continues to be the largest ever involving payment cards, resulted in Heartland being hit with a flurry of lawsuits by consumers as well as by banks that had to block, recall and reissue millions of compromised cards.