Article

Class-action lawsuit filed against RBS WorldPay following breach

By Marcia Savage, Features Editor, Information Security magazine

A class-action lawsuit was filed against RBS WorldPay following a breach of the payment processor's computer system that led to a coordinated ATM scam.

    Requires Free Membership to View

SearchFinancialSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Three law firms filed the lawsuit last week claiming that the Atlanta-based company failed to comply with industry security standards to protect customers' personal data. "RBS' data security environment failed to meet industry standards, including, but not limited to, ISO and PCI requirements," the lawsuit states.

The suit also contends the company failed to provide timely notice of the breach, and offered inadequate credit monitoring services to customers whose Social Security numbers were compromised. RBS discovered the breach on Nov. 10 but did not announce it until Dec. 23, according to the lawsuit.

RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, reported that personal information of about 1.5 million pre-paid cardholders and other individuals was compromised when its computer system was hacked. The Social Security numbers of 1.1 million of those cardholders may also have been compromised, the company said.

The stolen data was used in a highly-coordinated ATM scam involving cloned payroll debit cards and reloadable gift cards, according to the FBI. The agency is investigating the attack, which occurred in several cities reportedly on Nov. 8. According to published reports, the criminals made off with $9 million.

The suit contends that RBS was intimately familiar with industry data security standards and should have known that its computer system for processing and storing the plaintiffs' personal and financial information was not secure.

Last month, a class-action lawsuit was filed against another payment processor, Heartland Payment Systems Inc., which disclosed in January that criminals broke into its processing system last year.

The lawsuit against RBS WorldPay was filed by Atlanta-based Doffermyer Shields Canfield & Knowles LLC, Sheller P.C. of Philadelphia and Finkelstein Thompson LLP of Washington, D.C. It seeks damages, credit monitoring services and/or identity theft insurance for the plaintiffs, and that RBS WorldPay be required to improve its computer security.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: