No, Shareholders Don't Get To Sue Heartland Just Because It Leaked More Data Than Anyone Else

from the that's-not-how-it-works dept

Last year, Heartland Payment Systems, leapt into the lead as being the company with the largest data breach of all time (well, that we know of), when it potentially leaked the personal info on somewhere over 100 million people. As typically happens in these sorts of things, a shareholder lawsuit was quickly filed from bummed out shareholders pissed off that the stock dropped (like off a cliff) following the announcement. But, of course, for there to be liability it takes a lot more than just the stock to drop, so it comes as little surprise that the lawsuit has been tossed, as the court said there was no evidence that Heartland execs knew their data was exposed. Friendly reminder to litigious shareholders: just because the company screws something up, it doesn't mean you get to sue.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    ideas, Dec 14th, 2009 @ 9:08pm

    Maybe this will lead to fewer shareholders of data related companies

    just a thought but if they can leak data and not get sued then why invest, bad risk.....

    reply to this | link to this | view in thread ]

  2. identicon
    Doh, Dec 15th, 2009 @ 5:05am

    "there was no evidence that Heartland execs knew their data was exposed"

    Most execs are not smart enough to know such things.

    reply to this | link to this | view in thread ]

  3. icon
    Almost Anonymous (profile), Dec 15th, 2009 @ 10:33am

    I disagree...

    Seems to me, depending on the circumstances, the stockholders could sue for gross negligence. I'd be willing to bet their (Heartland's) security was no where near what it should have been for the type of business they do. This is actually a HUGE problem with many companies, they treat their customer's data (including extremely sensitive financial data) much to cavalierly, and they are not held accountable when their inadequate precautions contribute to a security breach. They should actually be facing criminal charges for allowing such a breach, but I'm sure that won't happen.

    reply to this | link to this | view in thread ]

  4. identicon
    Crazy Stuff, Dec 15th, 2009 @ 11:43am

    They had a public facing logon page that was susceptible to an SQL Injection attack in an organization that processes hundreds of millions of credit card transactions according to allegations in the amended complaint that got dismissed.

    How could anything be more indicative of company wide negligence to not have cleaned this basic vulnerability up years ago? IMHO.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Insider Shop - Show Your Support!

Hide this ad »
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Hide this ad »
Recent Stories
Advertisement - Amazon Prime Music
Hide this ad »


Email This

This feature is only available to registered users. Register or sign in to use it.