TRENTON, N.J. (CN) – Heartland Payment Systems, one of the largest payment processors in the country, allowed consumers’ personal financial information to be breached last year and again this year, and failed to adequately inform possible victims of it, a class action claims in Federal Court.
Heartland handles more than 4 billion payments a year, making it one of the top five payment processors in the United States, according to the complaint. It handles payment processing for credit and debit cards, payroll and checks for more than 250,000 businesses.
On Jan. 20 Heartland issued a press release acknowledging a security breach in its system in 2008, according to the complaint. But plaintiffs say Heartland’s president and CFO Robert Baldwin Jr. also acknowledged “evidence of an intrusion last week.” Heartland blamed the apparent data theft of “malicious software,” but the discrepancy in dates makes it unclear when the breach occurred, according to the complaint. It created a Web site www.2008breach.com – to inform customers that their personal information may have been stolen, but it “failed to provide any notice to specific consumers regarding the data breach even though each and every consumer’s identity is known to them,” the complaint states.
Plaintiffs claim this violates federal and state laws and constitutes unfair and deceptive trade. They want statutory, compensatory and treble damages. They are represented by Philip Tortoreti with Wilzentz, Goldman & Spitzer of Woodbridge, N.J.