Our Bad
(Verbatim • Technology)
Dear ____We regret to inform you that there has been unauthorized access of your ______ MasterCard magnetic strip data. Heartland Payment Systems, one of the nation’s largest payment processors working with more than 250,000 business locations nationwide, experienced an information breach. No cardholder Social Security numbers, unencrypted personal identification numbers, addresses or telephone numbers were involved in the breach, therefore it is highly unlikely the information could be used in identity theft.
But they might have your credit card number, along with about a zillion others.
Heartland immediately took steps to further secure their systems. They are working closely with law enforcement officials and have established a web site to provide updated information – www.2008breach.com.
But it turns out a key question is what Heartland thinks the definition of “immediately” is. Because, as Seeking Alpha’s Anthony Freed reports, neither Heartland nor federal investigators will say exactly when the company learned their computer system had been thoroughly hacked. And,
“The date they settle on may well be the difference between market serendipity and an SEC investigation for insider trading, as an examination of stock sales made by Heartland CEO Robert O. Carr in the second half of 2008 raises some serious questions about just who knew what and when…”
Freed says Carr began to sell of large blocks of his company’s stock beginning in the end of August 2008, something he hadn’t done before, spawning the theory that Heartland could have known about this breach for months. Why not admit it then and save consumers a big boat of financial grief? Well, once Heartland did acknowledge a major hack job, its stock “immediately” lost about half of its value.
As for me,
If you would like to have your MasterCard account closed and opened under a new number as a precaution, please call 800-XXX-XXXX and we will take care of it immediately.
Again with this “immediately” thing. I guess my definition of the word is just faster than my credit union’s. The letter they sent me was dated Jan. 28. That’s apparently more than a week after Heartland admitted to the hack attack in a press release, and it’s even two days after Philadelphia law firm CHIMICLES & TIKELLIS LLP had gathered enough information about the incident that it went out and found a victim, and filed a class-action suit against Heartland seeking:
a. First, Plaintiff seeks relief based on the injuries suffered by her and members of the Class as a result of Defendant failing to provide adequate safeguards to protect its customers’ data, which would have prevented such a widespread security breach from occurring in the first place. Plaintiff also seeks prospective equitable relief to ensure that Heartland takes necessary measures to make certain that such massive data breaches do not reoccur in the future.b. Second, Plaintiff seeks appropriate relief for Heartland’s inexplicable delay, questionable timing, and inaccuracies concerning the disclosures about the security breach that reportedly occurred as early as the Fall of 2008. Plaintiff likewise seeks relief for damages caused by Heartland’s negligence in taking months to determine the existence and scope of the data breach. These unreasonable delays prevented and/or hindered Plaintiff and members of the Class from taking immediate steps to monitor and attempt to safeguard their financial information.
About eight years ago or so, banks and credit unions decided that if you could prove you qualified for a loan, you still couldn’t have one. Instead, they gave you a line of credit by issuing a Visa or MasterCard. You could spend your line of credit at your choice of fine merchants or service providers.
Now that’s convenient!
→ B.Dunn, Jan 31, 2009, 02 36 pm
