[ISN] Heartland Executives Told the Truth, Judge Says

From: InfoSec News <alerts_at_private>
Date: Mon, 14 Dec 2009 01:13:45 -0600 (CST)
http://www.pcworld.com/article/184235/heartland_executives_told_the_truth_judge_says.html

By Robert McMillan
IDG News Service
Dec 10, 2009

Top executives at Heartland Payment Systems spoke truthfully about the 
state of security at the company, a federal judge said earlier this week 
before dismissing a class-action lawsuit against the payment processor.

The shareholder lawsuit, filed in March, was dismissed Monday by Judge 
Anne Thompson of the U.S. District Court for the District of New Jersey.

Heartland was sued by shareholders after its stock dropped nearly 80 
percent following the largest data breach in U.S. history. The 
plaintiffs in the case say that Heartland executives lied when asked 
about the state of the company's security in earnings conference calls 
and by failing to disclose a 2007 SQL injection attack on its payroll 
system in Securities and Exchange Commission filings.

That December 2007 SQL injection attack was important because it gave 
criminals a back door into the company's payment processing system, the 
plaintiffs alleged. Ultimately hackers stole more than 130 million 
credit card numbers.

But in her opinion, Judge Thompson said that because Heartland had not 
confirmed the credit card hack until January 2009, the company's 
executives were telling the truth when they told investors that they 
took security seriously.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Sun Dec 13 2009 - 23:13:45 PST

This archive was generated by hypermail 2.2.0 : Sun Dec 13 2009 - 23:26:14 PST