News and Information

PROPOSED VISA/HEARTLAND DATA BREACH SETTLEMENT MAY PAY BANKS AND CREDIT UNIONS PENNIES ON THE DOLLAR

ACCORDING TO INTERIM CO-LEAD COUNSEL IN THE CLASS ACTION LAWSUIT IN HOUSTON FEDERAL COURT

(Houston, TX) Banks and Credit Unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA.

The proposed settlement has many weaknesses: (1) it may offer little compensation to payment card issuers, (2) it gives banks and credit unions little time to decide whether to participate, (3) it releases Heartland and other parties that may be liable, and (4) it is being touted for reasons that are not entirely accurate.

Notice of the proposed settlement was communicated to banks and credit unions throughout the country on January 14. Both VISA and Heartland are aggressively pushing the settlement on the eligible VISA issuers by giving them only until January 29—a total of 15 days—to decide whether to participate. Court appointed Interim Co-lead Counsel representing the proposed class of VISA issuers against Heartland in the pending class action lawsuit in Houston federal court, however, say not so fast—the proposed settlement is not as generous as Heartland and VISA want you to believe.

Pennies on the dollar. According to Interim Co-lead Counsel Mike Caddell of Caddell & Chapman, "There were over 86 million VISA payment cards compromised by the data breach. Once a financial institution factors in the costs it incurred to cancel and reissue the payment cards and the unauthorized charges it was forced to absorb, its share of the settlement most likely will be pennies on the dollar."

Other potentially liable parties are released by contributing little, if anything, to the settlement. "Perhaps the most egregious aspect of the proposed settlement is that Heartland's acquiring banks—KeyBank and Heartland Bank—which also are potentially liable for the data breach damages, will receive a complete release of any liability even though they are contributing little, if anything, to the settlement," said Interim Co-lead Counsel Richard Coffman of the Coffman Law Firm. "The majority of the settlement funds are provided by Heartland, which is downplaying its ability to pay any more money. Yet, KeyBank has $97 billion of assets and Heartland Bank has over $1 billion of assets, which suggests that there are additional sources of money to compensate the issuers for their damages."

"It certainly makes one wonder," Coffman continued, "why VISA would secretly negotiate a settlement on behalf of its issuers that lets the two richest potentially culpable parties off the hook with little, if any, financial investment and then force its issuers to decide within two weeks whether to accept the deal. If I were an executive of a financial institution harmed by the Heartland data breach, I would seriously question whether VISA truly has the best interests of its network members at heart."

Interim Co-lead Counsel filed a complaint yesterday against KeyBank and Heartland Bank in Houston federal court, which alleges that these acquiring banks share responsibility for damages caused by the Heartland data breach.

The settlement selling points are not quite accurate. According to Interim Co-lead Counsel Joe Sauder of Chimicles & Tikellis, "In the informational webinars conducted by VISA, the issuers have been told that this settlement is similar to the one in the TJX data breach case where approximately 97% of the financial institutions elected to participate."

"VISA and Heartland, however, omit some important information," Sauder continued. "The Visa settlement in TJX occurred when that case was in a very different stage in the litigation. There, it was late in the case and the court had issued opinions denying the issuers' motion for class certification and narrowing their legal claims, which meant, as a practical matter, there was no viable alternative for the issuers but to accept the settlement or file individual lawsuits. Also, prior to the settlement, TJX produced over 500,000 pages of documents."

"Here, on the other hand, it is early in the case and there has been no formal discovery. There also are other important factual differences between TJX and the Heartland case. In our view, the proposed VISA settlement clearly is designed to circumvent the safeguards inherent in the judicial process."

Notwithstanding these weaknesses in the proposed settlement, "in the end," Caddell said, "each financial institution must perform its own cost/benefit analysis to determine whether to accept or reject the settlement. While we intend to continue to vigorously pursue our cases against Heartland and its acquiring banks to maximize the recovery for financial institutions, litigation is uncertain at best, and there are risks associated with all cases. There is no such thing as a lay down case, and there are no guarantees that our proposed class action lawsuit will be successful. We simply want to ensure that the financial institutions are making this important decision based on all of the pertinent information."

Interim Co-lead Counsel will conduct conference calls in an effort to provide financial institutions with as much information as possible in order to make a fully informed decision whether to accept or reject the proposed settlement.

To participate in a conference call, please register for one of the scheduled calls listed below by going to the indicated web link:

(All times are Eastern)

Friday, January 22 at 3 pm: http://web.meetme.net/r.aspx?p=1&a=UbxPkHkknMIsAA

Monday, January 25 at 3 pm: http://web.meetme.net/r.aspx?p=1&a=UyxbNOvoOndxnA

Tuesday, January 26 at 10 am: http://web.meetme.net/r.aspx?p=1&a=UjdkINAMYONzhA

Questions you would like addressed during the conference call can be submitted, either during the call or in advance, to csf@caddellchapman.com.

Interim Co-lead Counsel also welcomes the opportunity to individually discuss the case and the proposed settlement with issuers.

Complaint PDF

 

Richard Coffman Designated Co-Lead Counsel for the Financial Institution Plaintiffs in the Heartland Payment Systems Data Breach Litigation

On January 20, 2009, Heartland Payment Systems, Inc. (“Heartland”), a large provider of credit card and debit card processing services based in Princeton, New Jersey, announced that its processing systems were breached last year. As a result of the breach, thieves stole confidential credit card and debit card data from over 100 million customer accounts. Some industry experts believe the Heartland data breach could be the largest data breach in history.

The stolen data includes information contained on the magnetic strips of credit cards and debit cards, such as credit card and debit card numbers, internal bank codes and expiration dates. Thieves already have used a substantial portion of the stolen information to duplicate credit cards and debit cards and engage in unauthorized transactions.

On February 6, 2009, the Coffman Law Firm filed the first lawsuit against Heartland on behalf of banks and credit unions in federal court in New Jersey. Thereafter, the Multidistrict Litigation Panel of the federal court system transferred and coordinated all of the cases filed against Heartland by banks and credit unions, as well as by consumers, to the federal court in Houston, Texas (MDL No. 2046).  Judge Lee Rosenthal has been assigned to preside over the coordinated litigation.

On August 24, 2009, the Court conducted the initial case management conference for the litigation.  During the conference, Judge Rosenthal appointed Richard Coffman of the Coffman Law Firm to serve as Co-Lead Counsel for the Financial Institution Plaintiffs.

Click here to listen to Richard Coffman’s podcast about the Heartland Payment Systems Data Breach Litigation on www.bankinfosecurity.com.

On September 23, 2009, the Financial Institution Plaintiffs filed their Master Complaint.  The Financial Institution Plaintiffs and Heartland will spend the rest of 2009 briefing Heartland’s motion to dismiss.  The Parties anticipate the Court will issue its ruling on Heartland’s motion to dismiss in early 2010.

Click here to read the Financial Institution Plaintiffs’ Master Complaint.

The Coffman Law Firm is experienced in representing financial institutions and prosecuting class actions and data breach litigation. If you have questions about the Heartland data breach or this case, or would like to further explore how we can assist your bank or credit union in recovering the damages it incurred as a result of the Heartland data breach, please contact Richard Coffman at (409) 833-7700 or rc@cofflaw.com.

In addition to the Heartland Payment Systems Data Breach Litigation, the Coffman Law Firm represents clients in the following important cases:

• MDL Docket No. 1806; In re Morgan Stanley & Co., Inc., Overtime Pay Litigation (class action on behalf of securities brokers for failure to pay overtime).
• MDL Docket No. 1807; In re Wachovia Securities, LLC, Wage and Hour Litigation (class action on behalf of securities brokers for failure to pay overtime).
• MDL Docket No. 1819; In re Static Random Access Memory (SRAM) Antitrust Litigation (price fixing indirect purchaser antitrust class action on behalf of consumers).
• MDL Docket No. 1827; In re TFT-LCD (Flat Panel) Antitrust Litigation (price fixing indirect purchaser antitrust class action on behalf of consumers).
• MDL Docket No. 1838; In re TJX Companies, Inc. Customer Data Security Breach Litigation (data breach class action on behalf of consumers).
• MDL Docket No. 1921; In re Nissan North America, Inc. Odometer Litigation (defective odometer class action on behalf of consumers).
• MDL Docket No. 1935; In re Chocolate Confectionary Antitrust Litigation (price fixing antitrust case on behalf of grocery wholesalers and retailers).
• MDL Docket No. 1998; In re Countrywide Financial Corp. Data Security Breach Litigation (data breach class action on behalf of consumers).  
• No. 08-07497; Grimsdale v. Kash ‘N Karry Food Stores, Inc. (Sweetbay); in the Circuit Court for Hillsborough County, Florida (data breach class action on behalf of Florida consumers; case remanded to state court out of MDL Docket No. 1954; In re Hannaford Bros. Co. Customer Data Breach Litigation).
• No. 1:09CV0237; Delarue v. State Farm Lloyds; in the United States District Court for the Eastern District of Texas (class action to recover underpaid business interruption insurance proceeds relating to Hurricane Ike).
• No. 09CV0421; Wilson, et al v. Texas Windstorm Insurance Association; in the 56th Judicial District Court of Galveston County, Texas (class action on behalf of policyholders in Galveston County, Texas who were underpaid for their Hurricane Ike losses).

If you have questions about these cases, information that would assist us in prosecuting these cases or are interested in participating in these (or similar) cases, please contact us today.