Group items tagged

Veterans suffering anxiety and paranoia following the theft of a government hard drive containing the medical histories and Social Security numbers of 198,000 of their brethren cannot recover financial damages, a federal appeals court says. The 11th U.S. Circuit Court of Appeals, in largely dismissing a class-action, ruled Wednesday that the veterans could recoup at least $1,000 under the Privacy Act if they could show financial damages, not mental anguish. What's more, the Atlanta-based court noted that the veterans - some already suffering post-traumatic stress syndrome from their Vietnam War days - likely could recover damages for mental anguish associated with the data breach if the lawsuit was before a different court. That's because the courts of appeal across the nation have issued conflicting interpretations of the Privacy Act of 1974, which allows people to sue the government for privacy breaches and recover "actual damages." Precedent in the 11th Circuit, which includes Alabama, Florida and Georgia, interprets "actual damages" as money losses only. So 198,000 veterans - whose life history was on a hard drive that vanished from a Birmingham, Alabama Veterans Administration hospital - are out of luck, even if their war-time paranoia was exacerbated by the breach. The 11th Circuit noted (.pdf) that the 5th U.S. Circuit Court of Appeals and the 10th U.S. Circuit Court of Appeals "do not restrict 'actual damages' under the Privacy Act to pecuniary losses." And the Supreme Court has refused to resolve the circuit splits.

Until now, lawsuits seeking to recover significant damages based on the loss of, or unauthorized access to, sensitive personal information have not been especially successful for plaintiffs. Most companies suffering data breaches have escaped by offering affected consumers inexpensive credit monitoring services. But two recent cases show plaintiffs a way to expose many previously safe companies to substantial claims for damages. Any company that thinks there are no risks in employing less than best practices for data privacy and security needs a wake up call. The headlines are all too familiar. Some well known consumer services company (or less known wholesale data processor) announces that millions of individual records containing names, Social Security numbers, account numbers and other sensitive information were left in a dumpster, saved to a stolen, unencrypted laptop, or stored on a misplaced USB drive or backup tape. The press is terrible, the company's stock takes a temporary plunge, and sometimes the Federal Trade Commission enters into a consent decree where the company promises to never do it again. But when affected individuals or groups of consumers tried to sue for damages, they seldom recover significant amounts. These cases have not often succeeded because the plaintiffs have been unable to prove actual pecuniary losses resulting from the security breach. Sure, if identify theft occurs the affected individuals can suffer significant emotional trauma, loss of time, etc. But Courts have been unwilling to award damages for anxiety, fear, and other emotional harm that can result from a data breach, for the risk of future identify theft, or for actual identity theft when the plaintiff could not prove that the theft occurred as a direct result of a data breach at a particular source. Most companies facing claims based on data breaches have been able to settle cheaply by offering to provide credit monitoring services, which most consumers do not use, resu

A former Fannie Mae IT contractor has been indicted for planting a virus that would have nuked the mortgage agency's computers, caused millions of dollars in damages and even shut down operations. How'd this happen? The contractor was terminated, but his server privileges were not. Rajendrasinh Makwana was indicted on Tuesday in the U.S. District Court for Maryland (press report, complaint and indictment PDFs). From early 2006 to Oct. 24, Makwana was a contractor for Fannie Mae. According to the indictment, Makwana allegedly targeted Fannie Mae's network after he was terminated. The goal was to "cause damage to Fannie Mae's computer network by entering malicious code that was intended to execute on January 31, 2009." And given Fannie Mae-along with Freddie Mac-was nationalized in an effort to stabilize the mortgate market Makwana could caused a good bit of havoc. Makwana worked at Fannie Mae's data center in Urbana, MD as a Unix engineer as a contractor with a firm called OmniTech. He had root access to all Fannie Mae servers. The tale of Makwana malware bomb plot is a warning shot to all security teams and IT departments. Given the level of layoffs we've seen lately the ranks of disgruntled former employees is likely to grow. Is there any company NOT lopping off a big chunk of its workforce? And some of these workers may even have Makwana's access privileges and knowledge of the corporate network.

It's funny. Was it just a month ago that we were enjoying the holiday respite, wondering what 2009 would have in store for us? Mind you, I didn't have any delusions. After the breaches, news events and regulatory issues of 2008, I didn't think we were going to turn the calendar page and emerge in a new world of a healthy economy and soaring consumer confidence. But neither did I think, four weeks later, we'd already have our first major security breach of the year - Heartland Payment Systems (HPY) and that it would so dominate our industry's attention. I get it, though, why we're so enamored of this case. It speaks to our biggest fears, first of all, that unknown electronic assailants can sneak into our systems and pry away our customers' names and critical information. Then there's the unknown enormity - we truly don't know how big this breach was. And, finally, it hits home. For you, the banking institution, you're the one left replacing your customers' cards and explaining why. For me, the banking customer ... well, mine is one of the banks doing the explaining. Needless to say, we're monitoring accounts closely. So, we were among the first to break the Heartland story when it first broke last Tuesday, and we've continued to follow it closely. After the initial media surge, where we saw news outlets and solutions providers tripping over one another to opine over what they think happened to Heartland and what it all means, here is what I believe we've learned so far from the case: 1) The Damage Goes Far Beyond the Breach. Heartland execs absolutely did the right thing by stepping forward last week and saying "We were breached," but the company has suffered for it ever since. The market responded to the news by gutting the company's value from over $14 per share last Tuesday to a low of just under $8 this week. Reputationally, you just can't measure the damage - Heartland is now synonymous with "breach," and that's a tough tag to shake. Unable to answer quest

Hartmut Mehdorn's days as the boss of German rail operator Deutsche Bahn look to have come to an end as the embattled executive offers his resignation amid a damaging, ongoing data privacy scandal. Mehdorn said he was offering to go because the "destructive debates" over his future were damaging the company. "I have made an offer to terminate my contract with the supervisory board chairman," Mehdorn said Monday, March 20, at a press conference to announce Deutsche Bahn's annual financial results. "I assume that a successor will be appointed before the summer holidays" begin in July. Mehdorn, who has run the state-owned firm since 1999, has been under increasing pressure ever since it was revealed earlier this year that Deutsche Bahn accessed confidential staff data as far back as 1998.

Heartland Payment Systems CEO discusses breach, previews speech Not a week had passed after the announcement of what some have described as the largest data breach ever, when the CEO of Heartland Payment Systems, Robert Carr, began calling for better industry cooperation and new efforts directed at preventing future breaches. Recently, Carr announced that trials will begin late this summer on an end end-to-end encryption system Heartland is developing with technology partners. It is expected to be the first system of its kind in the U.S. The company is also pushing for an end-to-end encryption standard. At the upcoming Practical Privacy Series in Silicon Valley, Carr will discuss the Heartland breach and the role industry, including privacy professionals, must play to prevent future breaches. Here's a preview: IAPP: Many companies have experienced breaches. What made yours different? Ours was different because we are a processor and had passed six years of PCI audits with no problems found. Yet, within days of the most recent audit, the damage had begun. IAPP: Did you have a chief privacy office or a privacy professional on staff before your breach? Do you now? Ironically, when we learned of the Hannaford's breach, we hired a Chief Security Officer who started just three weeks before the breach began. IAPP: In the era of mandatory breach reporting, what is the trajectory of consumer reaction? As a processor it is difficult to really know this. Our customers are merchants who accept card payments. IAPP: Do you think consumers will become numb to breach notices? I believe that many are numb to so many intrusion notices. IAPP: Are breach notices good public policy? Do the notices provide an incentive for companies to change or improve practices? I don't think so. Nobody wants to get breached and the damage caused by a breach is sufficient reason for most of us to do everything we can to prevent them. IAPP: What has Heartland done differentl

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

"This presentation contains statements of a forward-looking nature which represent our management's beliefs and assumptions concerning future events. Forward-looking statements involve risks, uncertainties and assumptions and are based on information currently available to us. Actual results may differ materially from those expressed in the forward-looking statements due to many factors, including without limitation, the impact that the significantly unfavorable economic conditions confronting the United States may have on our business, the results and effects the security breach of our processing system may have on us, including the costs and damages we may incur in connection with the claims arising from such breach that have been made and may in the future be made against us, the extent of cardholder information compromised and the possibility that such security breach could cause us to lose customers or make it difficult for us to obtain new customers, the possibility that we may not be successful in developing and implementing an end to end encryption solution, the possibility that if we are successful in developing and implementing an end to end encryption solution it may not prevent future security breaches of our payment processing system, and additional factors that are contained in the Company's Securities and Exchange Commission filings, including but not limited to, the Company's annual report on Form 10- K for the year ended December 31, 2008. We undertake no obligation to update any forward-looking statements to reflect events or circumstances that may arise after the date of this presentation. Topics / Agenda - The Future of Electronic Payments * What Is The Problem? The Cybercrimes Arms Race * Who Is Heartland Payment Systems? * What Happened and What Has/Will It Cost? * What Did We Do About It and What Are We Doing Now? * Massive Quantity/Quality of Breaches Call for Enhanced Solutions * Our New Solution Called E3 -

Identity thieves using the names and Social Security numbers of Irving Independent School District employees have made thousands of dollars in purchases, school officials say. One woman has been accused of fraudulent use or possession of identifying information and two charges of credit card abuse. A second person linked to the theft case has been arrested but no charges have yet been filed in the Irving case, authorities said. At least 64 of the 3,400 teachers and other employees whose names were on the old benefits report that somehow ended up in the trash have said they are identity theft victims. The school district mailed letters to current and former employees about the breach, but 472 of the letters were returned as undeliverable. Pat Lamb, district security director, said in a story for Sunday's online edition of The Dallas Morning News that the employees at risk of being on the list worked for the district in the 2000-01 school year and had payroll deductions for benefits. "We still do not know how our records were compromised," Lamb said. "We don't know if somebody was supposed to shred that information, but it ended up in a Dumpster." Lamb said his name was among those on the report, which was generated in 2000. Cynthia Will, a former teacher, pleaded for help from the school board last week. More than $25,000 was charged in her name, including a $4,000 diamond ring, the newspaper reported. "It was stunning the damage that was done in just seven days," she told the board. Will has to carry an affidavit stating that she is an identity theft victim and if there are warrants on her old driver's license number that they are not for her. Dawn Bizzell, who has taught in the district since 1996, said district officials acted too slowly. An employee advisory wasn't posted until Jan. 26. Bizzell said she learned she was an identity theft victim on Nov. 28 and police told her of the district connection on Dec. 3.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

A former Miss West Virginia has won a $7.2 (NZ$12.6) million verdict against nine internet companies that tried to sell pornographic videos they falsely claimed featured her. A jury in US District Court in Clarksburg on Wednesday ordered each defendants to pay Allison Williams $800,000 for damaging the 2003 beauty queen's reputation and invading her privacy. Williams' attorney is appealing US District Judge Irene M. Kelley's decision to dismiss 28 other defendants in the United States, Australia, the Netherlands, Belgium, Cayman Islands, Canada and South Africa that allegedly took part in distributing the bogus videos. The videos surfaced in the fall of 2004. The videos show a woman that they claim to be, but isn't Williams, engaged in sex in the back of a television news truck.

Stay Online on the world wide web online roulette from Contemporary sydney, Fun and Free! Now you is capable of doing Actual "www.funlivecasino.com.au" Stay Online on the world wide web online roulette for Fun in Contemporary sydney on a product new web page, FunLiveCasino.com.au. Using the newest on the world wide web operating technology, Fun Stay Gambling house allows you be a part of a genuine action occurring on a genuine desk in a genuine betting house, all approved on Live! You can see other real gamers in the betting house betting on the same outcomes you do providing you greatest believe in in the outcomes as they are not designed 'just for you a, like other action experiencing items such as 'live studios' or pc designed actions. Its awesome to think next time your really in the betting house that you might be on digicam, and individuals on the world wide web might be watching! The long run is scary! Believe one day soon this will be the only way individuals would bet on the world wide web because the worldwide web is complete of fraudsters, you have to be extremely cautious, and why would you perform Online Online on the world wide web online roulette any other way except from a Actual Gambling house you can check out, see, pay attention to and trust! Amazingly this site is absolutely 100 % 100 % 100 % free and has no determining upon up process, no junk, no pc rabbit mouse mouse clicks and no pressure. Just Immediate Fun "www.funlivecasino.com.au" 100 % 100 % 100 % free Stay Roulette! Give it a try, its value verifying out! "www.funlivecasino.com.au"Australia's Online Fun Stay Casino! Backlinks designed from http://fiverr.com/radjaseotea/making-best-156654-backlink-high-pr

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, the Wall Street Journal reported on Wednesday. The spies came from China, Russia and other countries, and were believed to be on a mission to navigate the U.S. electrical system and its controls, the newspaper said, citing current and former U.S. national security officials. The intruders have not sought to damage the power grid or other key infrastructure but officials said they could try during a crisis or war, the paper said in a report on its website. "The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the Journal. "So have the Russians." The espionage appeared pervasive across the United States and does not target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official told the paper, referring to electrical systems. "There were a lot last year." The administration of U.S. President Barack Obama was not immediately available for comment on the newspaper report. Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on." Officials said water, sewage and other infrastructure systems also were at risk.

The global economic crisis has become the biggest near-term U.S. security concern, sowing instability in a quarter of the world's countries and threatening destructive trade wars, U.S. intelligence agencies reported on Thursday. The director of national intelligence's annual threat assessment also said al Qaeda's leadership had been weakened over the last year. But security in Afghanistan had deteriorated and Pakistan had to gain control over its border areas before the situation could improve. "The financial crisis and global recession are likely to produce a wave of economic crises in emerging market nations over the next year," said the report. A wave of "destructive protectionism" was possible as countries find they cannot export their way out of the slump. "Time is our greatest threat. The longer it takes for the recovery to begin, the greater the likelihood of serious damage to U.S. strategic interests," the report said. The report represents the findings of all 16 U.S. intelligence agencies and serves as a leading security reference for policymakers and Congress. Besides reviewing adversaries, it also considered this year the security impact of issues including climate change and the economy. It said a quarter of countries have already experienced at least "low-level" instability, such as government changes, linked to the economy.

In a move that could reshape the federal government's cybersecurity efforts, President Obama on Monday said a former Booz Allen consultant would conduct an immediate two-month review of all related agency activities. The announcement indicates that the White House's National Security Council may wrest significant authority away from the U.S. Department of Homeland Security, which weathered withering criticism last fall for its lackluster efforts. Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an multi-agency "Cyber Task Force," to conduct the review with an eye to ensuring that cybersecurity efforts are well-integrated and competently managed. "The president is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties," said John Brennan, the president's homeland security adviser. Hathaway's appointment comes as Obama plans to overhaul the National Security Council, expanding its membership and effectively centralizing more decision-making in the White House staff. That would vest more authority in a staff run by James L. Jones, a former Marine Corps commandant who warned at a speech in Munich over the weekend that terrorists could use "cyber-technologies" to cause catastrophic damage. During a panel discussion that CNET News wrote about last fall, Hathaway defended Homeland Security's efforts to develop what it called a National Cyber Security Initiative, saying there was "unprecedented bipartisan support" for it. "Over the past year cyber exploitation has grown more sophisticated, more targeted, and we expect these trends to continue," she added. "Our cybersecurity approach to date has not kept up with the threats we've seen."

In an indication of the legal troubles that companies can find themselves in over data breaches these days, several banks and credit unions have begun suing Heartland Payment Systems Inc. over its recently disclosed data breach. In the six weeks since the potentially massive breach was disclosed, eight banks and credit unions have filed lawsuits against Heartland over its alleged failure to take adequate measures for protecting credit and debt cardholder data. Heartland said on Jan. 20 that unknown intruders had broken into its network sometime last year and accessed payment card data belonging to an undisclosed number of customers. The breach, thought to possibly be the biggest ever disclosed, has already affected over 500 financial institutions, including a handful in the Bahamas, Bermuda and Canada. The lawsuits seek compensation from Heartland for the costs that the financial institutions said they've had to bear in notifying affected customers about the breach and in reissuing new payment cards. The lawsuits also claim damages from Heartland for costs of the alleged fraud that the banks claimed have resulted from the breach.

An insurance company seeking to challenge the authority of Canada's privacy legislation and the privacy commissioner in an auto injury case will have to go to the Federal Court to make its case, the New Brunswick Court of Appeal has ruled. In State Farm Mutual Automobile Insurance Company v. Privacy Commissioner of Canada and Attorney General Canada, State Farm argued that Canada's privacy regime does not apply to surveillance tapes the insurer commissioned following a motor vehicle accident in 2005. In March 2005, Jennifer Vetter, insured by State Farm, was involved in a motor vehicle collision with Gerald Gaudet. State Farm subsequently hired a lawyer in anticipation of litigation by Gaudet against Vetter. The insurer also hired private investigators that conducted video surveillance on Gaudet. Gaudet filed a request under Canada's privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), that State Farm turn over to him the personal information it had compiled, including copies of the surveillance reports and tapes. State Farm went to the New Brunswick Court of Queen's Bench asking for "declaratory" relief on several issues. Among other things, the insurer asked for a court order declaring that PIPEDA did not apply to information obtained in a bodily injury damages claim. It also asked the court for an order confirming that the privacy commissioner had no right or authority to compel State Farm to turn over the documents. The privacy commissioner asked for a stay of proceedings in the New Brunswick court, arguing that the authority of the privacy commissioner was a matter for the Federal Court (which has jurisdiction over federal legislation such as the PIPEDA). The New Brunswick Appeal Court noted both the provincial and federal courts have jurisdiction to hear cases about the constitutionality of federal legislation. But only the Federal Court could determine the outcome of a direct challenge to the authority of the p

A couple in Pittsburgh whose lawsuit claimed that Street View on Google Maps is a reckless invasion of their privacy lost their case. Aaron and Christine Boring sued the Internet search giant last April, alleging that Google "significantly disregarded (their) privacy interests" when Street View cameras captured images of their house beyond signs marked "private road." The couple claimed in their five-count lawsuit that finding their home clearly visible on Google's Street View caused them "mental suffering" and diluted their home value. They sought more than $25,000 in damages and asked that the images of their home be taken off the site and destroyed. However, the U.S. District Court for Western Pennsylvania wasn't impressed by the suit and dismissed it (PDF) Tuesday, saying the Borings "failed to state a claim under any count." Ironically, the Borings subjected themselves to even more public exposure by filing the lawsuit, which included their home address. In addition, the Allegheny County's Office of Property Assessments included a photo of the home on its Web site. The Borings are not alone in their ire toward the Google Maps feature. As reported earlier, residents in California's Humboldt County complained that the drivers who are hired to collect the images are disregarding private property signs and driving up private roads. In January, a private Minnesota community near St. Paul, unhappy that images of its streets and homes appeared on the site, demanded Google remove the images, which the company did. However, Google claims to be legally allowed to photograph on private roads, arguing that privacy no longer exists in this age of satellite and aerial imagery. "Today's satellite-image technology means that...complete privacy does not exist," Google said in its response to the Borings' complaint Not long after the feature launched in May 2007, privacy advocates criticized Google for displaying photographs that included people's faces and car license

An Italian judge on Wednesday gave the go-ahead to a case in which Google (GOOG) could be held responsible for content it hosts but does not produce. The case centers on a 2006 video of four Italian youths taunting a child with Down syndrome. In the video, one of the youths incorrectly claims to be part of a small Down syndrome advocacy group called Vivi Down. The video was uploaded to the Google Video site, where it stayed for two months. Prosecutors have filed charges against five Google executives, saying they were in violation of Italian privacy laws and of contributing to the defamation of Vivi Down. At the heart of the case are two main questions: Should sites such as Google Video be held responsible for the content they host? And should such non-brick-and-mortar New Economy companies be subject to the laws in countries where they are not based? "The outcome of this will be to determine how big companies like Google should be expected to act," said Raffaele Zallone, a former chief counsel for IBM's Italian offices and the attorney representing a woman seeking damages in a secondary case tacked onto the main charges. FIND MORE STORIES IN: Italy | Google Inc | International Bus. Machines | Milan | New Economy Zallone, along with Milan prosecutors, the city's ombudsman and an attorney for Vivi Down, the advocacy group, say Google should have become aware of the offending video sooner and removed it sooner. Guglielmo Pisapia, Google's lead attorney in the case, denies any wrongdoing and says Google could not have acted differently. "Google did not produce the video, and when they received an official complaint, they removed it within five hours," said Pisapia, a former member of the Italian parliament. "If the argument is that they should have evaluated the video before it was posted, then that is a dangerous precedent." Oliviero Rossi, an author and commentator on technology issues, says unusual cases that push the limits of the law as this one does are

Two Philadelphia law firms have filed class action suits on behalf of all cardholders in the U.S. who had their credit or debit card data stolen in the Heartland Payment System (HPY) data breach. This brings to three the total number of class action lawsuits filed against the Princeton, NJ-based payments processor. The law firm of Berger & Montague filed a class action suit in the U.S. District Court for the District of New Jersey, alleging Heartland's failure to safeguard cardholder data when the company's computer systems were hacked and cardholder data was stolen. Heartland says last year it processed 100 million card transactions per month, but an unknown number of cards were impacted by the breach. The law firm says fraudulent activity has occurred on some of those cards. The law firm alleges that Heartland's security measures and intrusion detection systems were inadequate. "Because of Heartland's inadequate data security, cardholders have had their card information compromised, have been exposed to the risk of fraud, have spent and will spend time to monitor their accounts and dispute fraudulent charges, and have suffered other economic damages," the law firm says in its statement regarding the suit. Berger & Montague were also co-lead counsel in the consumer class action suit brought against TJX Companies, which resulted in a $200 million settlement. The third class action lawsuit filed in February against Heartland comes from Sheller P.C. of Philadelphia, PA. Sheller's suit against Heartland has similar charges against the payment processor. Sheller P.C. also filed its class action lawsuit in the U.S. District Court for the District of New Jersey. Sheller P.C. has also filed a consumer class action suit against RBS WorldPay for its security breach that was made public on Dec. 23, 2008. Previously, Chimicles & Tilellis LLP of Haverford, PA filed suit in the U.S. District Court for the District of New Jersey on behalf of Woodbury, MN resident Alicia Co

Nearly one week after news emerged of the big data breach at Princeton, N.J.-based merchant acquirer Heartland Payment Systems Inc., it remains unclear how much damage actually happened and who did it. One report suggests Heartland's breach-related legal liabilities could approach $98 million, an estimate a Heartland spokesperson dismisses as speculative. The spokesperson tells Digital Transactions News on Monday that the so-called "sniffer" program secretly planted on one of Heartland's payment-processing platforms was not being used when investigators found it about two weeks ago. "It was inactive," the spokesperson says. "I want to be specific to say it was inactive," he adds, clarifying that the hackers hadn't deliberately disabled or deactivated it. Robert Carr, Heartland's chief executive, meanwhile, issued a statement calling for better industry cooperation and new operational procedures to prevent future data compromises, including industrywide, end-to-end encryption to fully protect cardholder data. Heartland uses encryption, but industry procedures leave data unencrypted during one brief point of the authorization process-a weakness that hackers have learned to exploit. Carr also said Heartland is working on its own system of end-to-end encryption.

Payment processor Heartland Payment Systems has been sued over a data breach it disclosed publicly on Inauguration Day last week. The lawsuit, filed on Tuesday in U.S. District Court in Trenton, N.J., alleges that Heartland failed to adequately safeguard the compromised consumer data, did not notify consumers about the breach in a timely manner as required by law, and has not offered to compensate consumers for costs they may incur in protecting themselves from identity fraud. In a statement that coincided with President Barack Obama's inauguration events, Heartland said the breach occurred last year but that it found evidence of the intrusion only in the previous week and immediately notified law enforcement and credit card companies. Heartland was alerted in late October to suspicious activity surrounding processed card transactions by Visa and MasterCard and hired forensic auditors who uncovered malicious software that compromised data in the company's network, said Robert H.B. Baldwin Jr., chief financial officer of Heartland, last week. The lawsuit seeks damages and relief for the "inexplicable delay, questionable timing, and inaccuracies concerning the disclosures" with regard to the data breach, which is believed to be the largest in U.S. history. Heartland executives have declined to specify how many consumers or accounts were affected. The company handles 100 million transactions per month for more than 250,000 merchants. The lawsuit, first reported by SearchSecurity news site, also accuses Heartland of negligence in taking more than two months to determine the existence and scope of the breach and criticizes the company for failing to identify which merchants were affected by the breach. The suit was filed on behalf of Woodbury, Minn., resident Alicia Cooper, who was notified last week by her credit union that a card associated with her account was included in the breach. It seeks class action status. A Heartland spokesman said the company could no