Heartland Executives Told the Truth, Judge Says

By Robert McMillan
IDG News Service
Dec 10, 2009

Top executives at Heartland Payment Systems spoke truthfully about the
state of security at the company, a federal judge said earlier this week
before dismissing a class-action lawsuit against the payment processor.

The shareholder lawsuit, filed in March, was dismissed Monday by Judge
Anne Thompson of the U.S. District Court for the District of New Jersey.

Heartland was sued by shareholders after its stock dropped nearly 80
percent following the largest data breach in U.S. history. The
plaintiffs in the case say that Heartland executives lied when asked
about the state of the company's security in earnings conference calls
and by failing to disclose a 2007 SQL injection attack on its payroll
system in Securities and Exchange Commission filings.

That December 2007 SQL injection attack was important because it gave
criminals a back door into the company's payment processing system, the
plaintiffs alleged. Ultimately hackers stole more than 130 million
credit card numbers.

But in her opinion, Judge Thompson said that because Heartland had not
confirmed the credit card hack until January 2009, the company's
executives were telling the truth when they told investors that they
took security seriously.