Law Firms Urge Credit Unions to Reject Heartland Breach Settlement
Three law firms representing credit unions and other card issuers with litigation pending against Heartland Payment Systems are urging card issuers to reconsider signing on to the offer.
Heartland negotiated a settlement offer for issuers with Visa Inc. and jointly announced it with the card brand on Jan. 14. The settlement would have issuers affected by the firm's 2008 card data security breach divide up $60 million for their losses. At least 80% of issuers that had losses have to participate in the settlement in order for it to go forward. Credit unions and other issuers have until Jan. 29 to indicate whether or not they will participate.
Heartland has steadily declined to indicate the total numbers of accounts that were compromised in the breach, but a filing from the company in the litigation indicated that at least 86 million Visa cards were compromised, with an unknown number of cards from other brands. Media reports have carried estimates from Visa that the overall breach has cost its issuers at least $140 million.
The law firms of Caddell & Chapman, the Coffman Law Firm and Chimicles & Tikellis have scheduled conference calls for card issuers from Jan. 22 through Jan. 26.
"We want to stress for financial institutions that they will have to evaluate this offer in light of their own circumstances and situations, and no two issuers are going to be the same," said Richard Coffman, interim lead counsel on the case with the Houston, Texas-based Coffman Law Firm. "There are going to be some credit unions for whom this may seem a very good deal and some that won't take it, again based on their own situations."
Coffman illustrated his point by relating how one of his CU clients has been offered seven-tenths of a penny on the dollar for its losses while another has been offered 26 cents on the dollar. The first CU has already decided not to take the settlement and the second is still thinking it over, he said.
In addition to the low settlement amounts, the law firms also pointed out that Heartland and Visa are pushing credit unions and other issuers to decide whether or not to accept the settlement in a very short amount of time and that the settlement releases Heartland acquiring banks, Keybank and Heartland Bank, from liability for the breach without having them contribute to the redress of issuers' losses.
"It certainly makes one wonder," argued Coffman, "why Visa would secretly negotiate a settlement on behalf of its issuers that lets the two richest potentially culpable parties off the hook with little, if any, financial investment and then force its issuers to decide within two weeks whether to accept the deal. If I were an executive of a financial institution harmed by the Heartland data breach, I would seriously question whether Visa truly has the best interests of its network members at heart."
Greg Smith, CEO of the $3.5 billion Pennsylvania State Employees Credit Union, one of the CUs suing Heartland, said that his CU will not accept the current settlement offer but will continue with its suit.
The CU has been involved in litigation against other retailers responsible for data breaches. It declined to accept an initial settlement offer from BJ's and only settled later after a drawn out legal battle, but it accepted the settlement offer from the TJX breach.
Smith said that he was hopeful that, finally, a case involving a card data breach would get to a jury and said that the three law firms the CU was working with were committed to seeing that happen.
"I can't help but think that when the facts of one of these cases gets to a jury of 12 cardholders, they are going to understand what happened. They are going to get it," he said.
Bruce Cramer, CEO of the $131 million O Bee Credit Union, said his credit union would also not accept the settlement. O Bee is one of the credit unions involved in litigation against Heartland.
"They offered us a settlement on a loss of $150,000," Cramer said. "I don't want to make it seem like $1,200 is nothing, but against that loss, it really isn't worth it to us." he said. The credit union had about 3,000 Visa cards and about 600 MasterCards compromised, he said.
Smith and Cramer acknowledged that credit unions not taking the settlement will risk having to go forward to try to get a better deal, but the law firms pointed out that the settlement offer has been made at an earlier point than similar offers had been made in other cases. This meant that there was more time to strengthen their legal position.
"The Visa settlement in TJX occurred when that case was in a very different stage in the litigation," observed Joe Sauder of Chimicles & Tikellis.
"There, it was late in the case and the court had issued opinions denying the issuers' motion for class certification and narrowing their legal claims, which meant, as a practical matter, there was no viable alternative for the issuers but to accept the settlement or file individual lawsuits. Also, prior to the settlement, TJX produced over 500,000 pages of documents," he said.
"Here, on the other hand, it is early in the case and there has been no formal discovery.? There also are other important factual differences between TJX and the Heartland case.? In our view, the proposed Visa settlement clearly is designed to circumvent the safeguards inherent in the judicial process," Sauder added.