follow-up: Heartland Executives Told the Truth, Judge Says

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.pcworld.com/article/184235/heartland_executives_told_the_truth_judge_says.html

By Robert McMillan
IDG News Service
Dec 10, 2009

Top executives at Heartland Payment Systems spoke truthfully about the 
state of security at the company, a federal judge said earlier this week 
before dismissing a class-action lawsuit against the payment processor.

The shareholder lawsuit, filed in March, was dismissed Monday by Judge 
Anne Thompson of the U.S. District Court for the District of New Jersey.

Heartland was sued by shareholders after its stock dropped nearly 80 
percent following the largest data breach in U.S. history. The plaintiffs 
in the case say that Heartland executives lied when asked about the state 
of the company's security in earnings conference calls and by failing to 
disclose a 2007 SQL injection attack on its payroll system in Securities 
and Exchange Commission filings.

That December 2007 SQL injection attack was important because it gave 
criminals a back door into the company's payment processing system, the 
plaintiffs alleged. Ultimately hackers stole more than 130 million credit 
card numbers.

But in her opinion, Judge Thompson said that because Heartland had not 
confirmed the credit card hack until January 2009, the company's 
executives were telling the truth when they told investors that they took 
security seriously.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php