Heartland is reportedly the 5th largest payment processor in the US, servicing some 250,000 businesses nationally. On January 20th, it announced on its Website that a data breach had occurred. The suit alleges that Heartland did not detect the breach on its own, but instead was made aware of it by Visa and MasterCard. This would suggest that despite having received certification for the Payment Card Industry (PCI) Data Security Standard (PCI-DSS), a set of security controls mandated by the major credit card companies, Heartland had not implemented the security controls.
The lead plaintiff, Alicia Cooper of Minnesota, alleges in the complaint, that she was only notified in or around January 23 2009 by her credit union that a card associated with her account was included in the Heartland data breach. The complaint also alleges that the information compromised in the breach can be used to make fake credit cards.
The number of people affected by the data breach could be enormous, according to media reports, suggesting that this class action could be among the largest of its kind, to date.