On Tuesday morning, Heartland Payment Systems President and CFO, Bob Baldwin, stated during a conference call:
Today, we have had several lawsuits filed against us and we expect that additional lawsuits will be filed. We are also the subject to several governmental investigations and enquiry , including an informal enquiry by the SEC and a related investigation by the Department of Justice, an inquiry by the OCC, and an inquiry by the FTC, and we may, in the future, be subject to other governmental enquiries and investigation.
As of this afternoon, I see 16 lawsuits for individual or class action as well as the following lawsuits by banks and credit unions in various federal district courts:
- Amalgamated Bank, Matadors Community Credit Union, GECU, MidFlorida Federal Credit Union, and Farmers State Bank v. Heartland Payment Systems, Inc.
- Lone Star National Bank, N.A. v. Heartland Payment Systems, Inc.
- TriCentury Bank v. Heartland Payment Systems, Inc.
- Lone Summit Bank v. Heartland Payment Systems, Inc.
More will almost undoubtedly follow.
tsk. tsk…this site promotes a national data breach disclosure law, yet you harangue THE ONLY COMPANY EVER (Heartland Payment Systems) to be absolutely & completely fully-disclosive of their breach (the only one they’ve ever had). Accounting for Honesty, Fairness & Full-Disclosure, no other company exists in the world as good Heartland! Regarding PCI compliance, they run as pure as the driven snow…and to lump them among the ilk of TJX simply denotes ignorance of the facts. The bad guys were better than the good guys this time…but as far as Heartland Payment Systems is concerned, it won’t happen again. My advice?…quit writing illegitimate parking tickets and go catch the bad guys.
Obviously we just hear from Heartland in the above post.
Whitehat: I find your comments somewhat surprising. Can you point to any negative or haranguing statement that I have made about HPY? Saying that more lawsuits will undoubtedly follow is simply a prediction based on years of experience covering breaches. I didn’t intend that to come across as snarky in any way. I can certainly be snarky about some breaches or entities who jerk the public around, as readers of my other blog know, but I don’t think I’ve made any such comments about HPY. Reporting news that might not be good news for HPY is not the same as haranguing them, as I’m sure they realize.
If HPY has complaints about my coverage, they have my phone number and are welcome to call me to discuss their concerns. The last communication I received from them was a thank you for taking the trouble to confirm their denial and to post a statement that they have firmly denied being the unnamed processor in another breach. All of my prior communications with them have also been cordial.