Earlier this week, Bank Info Security reported that two Philadelphia-based law firms had filed class-action suits on behalf of all debit- and credit-card holders in the U.S. who had their data stolen in the Heartland data breach:
"The law firm of Berger & Montague filed a class action suit in the U.S. District Court for the District of New Jersey, alleging Heartland's failure to safeguard cardholder data when the company's computer systems were hacked and cardholder data was stolen... Berger & Montague were also co-lead counsel in the consumer class action suit brought against TJX Companies, which resulted in a $200 million settlement. The third class action lawsuit filed in February against Heartland comes from Sheller P.C. of Philadelphia, PA. Sheller's suit against Heartland has similar charges against the payment processor. Sheller P.C. also filed its class action lawsuit in the U.S. District Court for the District of New Jersey."
According to various news reports, Heartland announced on January 20, 2009 that the sensitive financial information that it handles was stolen: consumers' names, credit card and debit card numbers, and expiration dates. The breach occurred sometime during 2008 when malicious software was installed on Heartland's computer network. Heartland said that it processed about 100 million card transactions per month during 2008, but an unknown number of cards were affected by the breach. Fraudulent activity has already occurred on some of those cards.
This data breach was massive. So far, about 330 financial institutions have reported their customers' cards were compromised because of the breach. Those cards must be replaced, old accounts closed, and new replacement accounts opened. All of this costs money and somebody will pay -- hopefully Heartland.
When companies fail to adequately protect consumers' sensitive personal data, there are several consequences. One consequence: consumers can stop shopping at that company, provided it is a retailer. When the company isn't a retailer, other consequences can be applied, such as a class-action lawsuit. Kudos to both Berger & Montague and Sheller PC.