Dismissal reversed in data breach case

September 5, 2013

In a high-profile “data breach” case, the district court dismissed several banks’ claims against a credit card processor after hackers entered its system and stole confidential information.  Lone Star National Bank v. Heartland Payment Systems, No. 12-20648 (Sept. 3, 2013).  The banks did not have a contract with the processor.  They sought money damages for the cost of replacing compromised credit cards and reimbursing customers for wrongful charges.  Applying New Jersey law, the Fifth Circuit found that the economic loss rule did not bar a negligence claim on these facts at the Rule 12 stage.  These banks were an “identifiable class,” Heartland’s liability would not be “boundless” but run only to the banks, and the banks would otherwise have no remedy.  The Court also noted that it was not clear whether the risk could have been allocated by contract.  The Court declined to affirm dismissal on several other grounds such as choice-of-law and collateral estoppel, “as they are better addressed by the district court in the first instance.”

Follow by Email
Twitter
Follow Me