A U.S. District Judge has ruled to dismiss the majority of claims included in a multi-institution suit against Heartland Payment Systems, which in 2008 was hacked, ultimately compromising 130 million U.S. debit and credit cards.

The Heartland breach, announced in January 2009, was the first card processor breach to attract international attention. A multiparty complaint against Heartland ultimately resulted, after the Judicial Panel on Multidistrict Litigation consolidated individual suits filed by consumers and U.S. banking institutions seeking financial compensation for losses suffered as a result of systems breach.

But earlier this month, after more than two years of litigation, District Judge Lee Rosenthal dismissed the majority of those claims, saying the plaintiffs failed “to state a claim upon which relief can be granted.”

One exception, however, was noted in Rosenthal’s ruling. A violation of the Florida Deceptive and Unfair Trade Practices Act claimed in one of the banking institution suits may be amended. Rosenthal found that the banks’ and credit unions’ claim could be heard if amended to include more than one state’s law and inclusion of more specific details about alleged contractual violations.

Read the full BankInforSecurity.com article here.

Court Gives Preliminary OK to $4M Consumer Settlement in Heartland Case
A federal court in Texas has given preliminary approval to a $4 million settlement of a consumer class-action lawsuit against Heartland Payment Systems Inc. over the massive data breach the payment processor disclosed in January 2009. Under the proposed settlement, Heartland will pay up to $175 to individuals for out-of-pocket expenses stemming from telephone usage or postage costs tied to card cancellations and replacement, or for any unreimbursed charges resulting from unauthorized use of their cards. Read the full BusinessWeek article here.

HHS to Publish Online Listing of Health Care Data Breaches
The Health and Human Services Department has started publishing an online list of more than 60 recent breaches of private patient health care data and intends to share the data for research and investigation. Under the economic stimulus law, HHS got authority to publish breach incidents that affect 500 or more persons. Covered entities, including physicians, hospitals and other health care providers, are required to report breaches of unsecured protected health information to the department in 60 days. Read the full Examiner article here.

New State Privacy Laws Clamp Down on Data
Companies that do business in the states of Nevada, Massachusetts, and Washington are some of the first to come under the jurisdiction of new data security laws that require the use of encryption. Backup data that leaves the data center for the purpose of disaster recovery is a big concern for these companies, and SafeData, which provides options for on-site and cloud-based back up, says it can provide the necessary level of encryption for System i shops. Washington is the latest state to enact a data security and payment card law covering companies that do business with citizens in the state. The law, which was signed into law in early April and goes into effect July 1, requires companies that originate or process debit or credit card transactions to take “reasonable steps” to prevent a data breach. Experts say this requires the use of encryption technology. Read the full IT Jungle article here.

Is The DC Region Ready for a Cybersecurity Corridor?
Telecommunications companies and government contractors dominate the Dulles Toll Road corridor in Virginia, and biotechnology firms line the corridor along Interstate 270 in Maryland. What’s next? Walter P. Havenstein, chief executive of SAIC, predicts it could be a cybersecurity corridor along the Interstate 95 corridor between Washington and Baltimore. The government is doing its part by relocating the Defense Information Systems Agency from Falls Church to Fort Meade, Md. and establishing U.S. Cyber Command and the Navy’s U.S. Fleet Cyber Command at Fort Meade. The base, just south of Baltimore-Washington International Marshall Airport, is already home to the National Security Agency. Read the full Washington Post story here.

White House Sees No Cyber Attack on Wall Street
The White House’s homeland security and counterterrorism adviser says there is no evidence that a cyber attack was behind the chaos that shook Wall Street last Thursday. John Brennan told “Fox News Sunday” that officials have uncovered no links suggesting that cyber attacks caused turbulence that sent the Dow Jones industrials plunging almost 1,000 points before staging a partial recovery at the end of the day. The market already was weak because of the spreading European debt crisis. Some have speculated that a typographical error might have triggered the massive computerized sell-off. Read the full AP story here.

Happy Monday!

U.S. Cybersecurity Czar Says “There is No Cyberwar”
Obama’s new cybersecurity czar doesn’t much like the term “cyberwar,” calling it a “terrible metaphor” and a “terrible concept.” But just in case his dislike of the term didn’t get through, Howard Schmidt flat-out stated that “there is no cyberwar” during a Wired interview at the RSA Security Conference in San Francisco. Schmidt noted that the real cybersecurity threats are online crime and espionage. His words seem to stand in contradiction to a statement last week by Michael McConnell, former director of national intelligence, who told Congress that the U.S. was already in the midst of losing a cyberwar. Schmidt seemed more than willing to downplay McConnell’s Cold War mentality. Read the full Popular Science article here.

Homeland Security Chief Napolitano Seeks Citizen Cybercrime Fighters
Uncle Sam wants to recruit you to help fight cybercrime. Department of Homeland Security Secretary Janet Napolitano is calling on anyone with good ideas for boosting public awareness about the importance of making the Internet safer to step forward. “We are challenging our nation’s best and brightest to utilize their expertise and creativity to devise new ways to engage the public in the shared responsibility of safeguarding our cyber resources and information,” she said. Read the full USA Today article here.

Heartland Breach Still Hitting Banks
Around 5000 First National Bank of Durango customers have been unable to use their cards in stores, although they can still withdraw cash at ATMs. In a notice on its Web site, the bank says: “Please be aware that as a result of a security breach at Heartland Payment Systems that occurred over a year ago, debit cards issued by the First National Bank of Durango may have been compromised.” The warning continues: “It is important to note that there was not a security breach at First National Bank of Durango, our systems remain secure. The breach occurred at a 3rd party processor. Read the full Finextra article here.

Westin Hotel in LA Reports Possible Data Breach
People who stayed at the Westin Bonaventure Hotel & Suites in Los Angeles last year and used their credit or debit card to eat there should keep a close eye on their bank statements. Hotel officials disclosed Friday that the hotel’s four restaurants, along with its valet parking operation, may have been hacked at some time between April and December, disclosing names, credit card numbers and expiration dates printed on customers’ debit and credit cards. The Westin Bonaventure is in L.A.’s downtown financial district, near the Los Angeles Convention Center and the Staples Center. Read the full Computerworld article here.

Are You Sure You’re Prepared for a Data Breach?
We’ve all seen the sobering stats: Nearly 500 major data breaches have been reported in the United States since the beginning of 2009, impacting more than 220 million records. And that doesn’t even account for the many breaches that weren’t publicly reported. So chances are that your company will be hit by a breach, if it hasn’t already. In fact, some would say it is almost as inevitable as the finger of blame being pointed squarely at you, the company’s senior security professional and chief scapegoat, when a breach strikes. Read the full SC Magazine article here.

BBB Small Business Advice: Reduce the Damage Done by a Data Breach
While the volume of data breaches declined in 2009, data breaches at businesses—as opposed to the government or non-profit sector—are on the rise. Better Business Bureau recommends that small business owners take steps to protect their data and also develop a plan of action in order to react quickly and reduce the damage if a data breach does occur. There were more than 498 reported data breaches in 2009, according to the Identity Theft Resource Center. While this is an improvement from the 657 breaches in 2008, unfortunately, the share of data breaches occurring in the business sector, specifically, increased to 41 percent. Read the full Better Business Bureau post here.

Happy Monday!

In other Heartland-related news, the lawyers representing financial institutions in the data breach lawsuit against are calling a recently proposed $60 million settlement offer from the company as way too meager. In a statement released on Wednesday, the lawyers said the proposed settlement would only pay banks and credit unions “pennies on the dollar,” while releasing Heartland and other potentially liable parties from further legal action. Read more here from the Credit Union Times.

So, we believe that the real lesson learned here is protect yourself from data breaches. Indeed this is a very simple concept and perhaps easier said than done. But there are the many tools, technologies and process to protect customer data. And, wouldn’t you rather make this investment, as opposed to paying out a settlement?