Heartland Breach: Inside Look at the Plaintiffs’ Case
Two stories today take a look at the the master complaint (pdf) filed last month in U.S. Southern District Court in Houston.
Linda McClasson of BankInfoSecurity.com provides a timeline and re-hash of the breach that incorporates allegations from the lawsuit, including statements made by Heartland before and after the breach and the statement made by Ellen Richey of Visa, while Evan Schuman of StorefrontBacktalk was intrigued by one incident described in the complaint:
“On the day after the data breach, Heartland conducted a webinar about the data breach for its high-level employees, sales representatives and/or relationship managers. Upon information and belief, Heartland relationship managers were told that PCI compliance was not a big deal. One of Heartland’s relationship managers resigned on or around April 23, 2009, in part because of Heartland’s statements regarding its PCI compliance. A Referee’s Decision in a Delaware Department of Labor proceeding reached the conclusion that this relationship manager had “good cause” to leave her position at Heartland based, in part, on Heartland’s conduct.” That might prove quite significant or it could be an irrelevant red herring. Either way, it’s not the kind of detail we see very often.