Heartland Breach: Legal Update

Court Dismisses Two Acquiring Banks from Lawsuit
Heartland Breach: Legal Update
A U.S. District Court in Texas has granted motions made by Heartland Bank and KeyBank to dismiss civil actions brought against them for their involvement in the 2009 Heartland Payments Systems breach.

The Heartland breach, the largest reported incident, impacted an estimated 130 million U.S. cards.

Heartland Bank and KeyBank, acquiring banks, along with Heartland Payment Systems, a year ago filed motions with the District Court in Houston to dismiss, claiming the financial institution plaintiffs failed "to state a claim." Heartland Bank also filed a motion to dismiss, based on lack of jurisdiction.

On March 31, the court granted dismissal motions for both banks, but not Heartland Payment Systems. The court granted Heartland Bank's motion based on lack of jurisdiction, but noted in its ruling that a transfer of the case from Texas, not a dismissal, "is the appropriate remedy." Heartland Bank, based in Clayton, Mo., has no operations in Texas. A status conference has been set for April 18 to determine where the case will be transferred.

For KeyBank, the court granted the motion to dismiss based on the motion that the plaintiffs failed to state a claim. The plaintiffs' attorney, Richard Coffman, says a motion to dismiss based on failure to state a claim is not "uncommon."

"This is not uncommon in federal court practice," Coffman says. "'Failing to state a claim' is legalese for, 'Based on the law, I need more information about the claims, so please clarify and restate them.'"

No decision has yet come down regarding Heartland Payment Systems' motion to dismiss.

Case Background

Heartland Bank and KeyBank hired Heartland Payment Systems to process merchant transactions for Visa and MasterCard credit cards. After the breach, five financial institutions sued Heartland Payment Systems, as well Heartland Bank and KeyBank. The suit accused the acquiring banks of breach of contract, breach of fiduciary duty, and negligence, based on the banks' alleged failure to monitor the security of Heartland Payment Systems' database.

What led to the complaint against the acquiring banks was that "other potentially liable parties are released by contributing little, if anything, to the settlement," Coffman told BankInfoSecurity in 2010. "The majority of the settlement funds are provided by Heartland, which is downplaying its ability to pay any more money ... Yet, KeyBank has $97 billion of assets and Heartland Bank has over $1 billion of assets, which suggests that there are additional sources of money to compensate the issuers for their damages."

Lone Star National Bank, PBC Credit Union, O Bee Credit Union, Seaboard Federal Credit Union and Pennsylvania State Employees Credit Union are the financial institution plaintiffs that filed the civil suit. The five institutions seek recovery for financial losses they suffered as a result of the breach.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.