News Stay informed about the latest enterprise technology news and product updates.

Heartland Payment Systems to vigorously defend breach claims, CEO says

Heartland CEO Robert Carr said the company still can't reasonably estimate the potential impact of the data breach on its day-to-day operations.

Heartland Payment Systems Inc., which announced a breach of potentially millions of credit and debit cards last month, said it plans to vigorously defend itself against lawsuits filed as a result of the data breach.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a filing with the Securities and Exchange Commission, Heartland Chairman and CEO Robert Carr acknowledged the claims that cardholders, card issuers, the credit card brands, regulators, and others have asserted, or may assert, against the payment processor as a result of the breach and the impact it could have on the business. Several class action lawsuits have been filed against Heartland, claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems. Carr He said the company could not "reasonably estimate the potential impact of the breach on the day-to-day operations" of the business.

Heartland breach news timeline:
Jan. 21: Payments processor discloses massive data breach - Company says an intrusion of its processing system may be part of a broader fraud operation.
Jan. 28:
Credit unions, banks replace credit cards after Heartland breach - Financial institutions notify customers and reissue or block payment cards affected by the intrusion at payment processor.

Jan. 28: First lawsuit filed in Heartland data security breach - A class action lawsuit was filed against Heartland claiming that the payment processor issued belated and inaccurate statements when it announced a security breach of its systems.

Feb 13:
Three men arrested in connection with Heartland breach - Trio arrested in Florida after allegedly using stolen credit card numbers for purchases at local Wal-Marts, officials said.


Heartland breach highlights PCI limitations: The benefits of complete PCI and the necessity of full compliance are now being widely questioned, says Eric Ogren, principal analyst, The Ogren Group.

"We intend to vigorously defend any such claims and we believe we have meritorious defenses to those claims that have been asserted to date," Carr said. "At this time we do not have information that would enable us to reasonably estimate the amount of losses we might incur in connection with such claims."

The Princeton, N.J.-based payment processor announced Jan. 20 that its systems were breached last year when intruders installed malware to pilfer data crossing the company's network. Since then, Sherriff's authorities in Tallahassee, Fla. arrested three suspects for using stolen credit card numbers to make purchases at local Wal-Mart stores. The credit card numbers used by the trio were allegedly stolen from the Heartland processing center in New Jersey.

Carr said the company's sales force was doing well despite the obvious challenges caused by the combination of the downturn in the economy and the data security breach. The payment processor's current customer base has responded positively, he said.

"In the weeks since our announcement of the breach, we have installed more margin, and have a bit less merchant attrition, than in the same period in 2008," Carr said.

Despite the breach and the current economic conditions, the company expects revenue to grow by 12-16% in 2009. The company said its guidance to financial analysts and investors does not include estimates for potential losses, costs and expenses arising from the data security breach.

In the SEC filing, Carr also reiterated his earlier call for pursing efforts for the development of industry-wide implementation of end-to-end encryption. The goal would be to design protection standards that could protect data at rest as well as in motion, Carr said.

Dig Deeper on Data breaches and prevention strategies

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.