No, Shareholders Don't Get To Sue Heartland Just Because It Leaked More Data Than Anyone Else

from the that's-not-how-it-works dept

Mon, Dec 14th 2009 7:15pm — Mike Masnick

Last year, Heartland Payment Systems, leapt into the lead as being the company with the largest data breach of all time (well, that we know of), when it potentially leaked the personal info on somewhere over 100 million people. As typically happens in these sorts of things, a shareholder lawsuit was quickly filed from bummed out shareholders pissed off that the stock dropped (like off a cliff) following the announcement. But, of course, for there to be liability it takes a lot more than just the stock to drop, so it comes as little surprise that the lawsuit has been tossed, as the court said there was no evidence that Heartland execs knew their data was exposed. Friendly reminder to litigious shareholders: just because the company screws something up, it doesn't mean you get to sue.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data leak, lawsuits
Companies: heartland

4 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

ideas, 14 Dec 2009 @ 9:08pm

Maybe this will lead to fewer shareholders of data related companies
just a thought but if they can leak data and not get sued then why invest, bad risk.....
[ link to this | view in chronology ]
Doh, 15 Dec 2009 @ 5:05am

"there was no evidence that Heartland execs knew their data was exposed"

Most execs are not smart enough to know such things.
[ link to this | view in chronology ]
Almost Anonymous (profile), 15 Dec 2009 @ 10:33am

I disagree...
Seems to me, depending on the circumstances, the stockholders could sue for gross negligence. I'd be willing to bet their (Heartland's) security was no where near what it should have been for the type of business they do. This is actually a HUGE problem with many companies, they treat their customer's data (including extremely sensitive financial data) much to cavalierly, and they are not held accountable when their inadequate precautions contribute to a security breach. They should actually be facing criminal charges for allowing such a breach, but I'm sure that won't happen.
[ link to this | view in chronology ]
Crazy Stuff, 15 Dec 2009 @ 11:43am

They had a public facing logon page that was susceptible to an SQL Injection attack in an organization that processes hundreds of millions of credit card transactions according to allegations in the amended complaint that got dismissed.

How could anything be more indicative of company wide negligence to not have cleaned this basic vulnerability up years ago? IMHO.
[ link to this | view in chronology ]