Ping Service
Feedback Forms

Cyber Crime and Securities Fraud Litigation: The Next Wave?

Following the publication of our original post on the implications of a cyber attack on investors’ securities portfolios (see here), we have been asked by scores of readers whether securities fraud litigation arising from cyber crime has ensued. Not surprisingly, the answer is “yes.”

Indeed, we have located at least two such cases, one a putative securities fraud class action against a payment processing company and the second an SEC initiated action against a private investor. The results may (or may not) surprise you, depending on your perspective of trial courts’ levels of judicial activism and willingness to render substantive decisions at early stages of litigation.

In re: Heartland Payment Systems, No. 09-1043 (D.N.J. Dec. 07, 2009) remains the paradigm for such litigation. To facilitate its payment processing services, Heartland Payment Systems (“Heartland”) stored millions of credit and debit card numbers on its internal computer network. In December 2007, hackers launched a Structured Query Language Attack (“SQL attack”) on Heartland’s payroll management system. To its credit, Heartland was able to successfully avert the attack before any personally identifiable information was stolen. At the same time, however, the company failed to detect malicious software (“malware”) which had been placed on the network by the SQL attack. The malware infected Heartland’s payment processing system, ultimately enabling the hackers to steal 130 million consumer credit and debit card numbers. Heartland did not discover the breach until January 2009, at which time it notified government authorities and publicly disclosed the event. Over the course of the following month, Heartland’s stock price dropped over $15 per share. Perhaps not surprisingly, shareholder class actions ensued.

In their complaint, plaintiffs alleged that Heartland and its officers and directors had made material misrepresentations and omissions about the December 2007 SQL attack. Specifically, plaintiffs claimed that the defendants concealed the SQL attack and misrepresented the general state of Heartland’s data security. Plaintiffs further alleged that the defendants’ conduct was fraudulent because they were aware that Heartland’s network had been breached, yet they had not fully remedied the problem Read the rest of this entry »

Upcoming HB/NetDiligence Cyber Security Conference, June 9-10, 2011

I am proud to be a Co-Chair of the 2nd Annual NetDiligence Cyber Risk & Privacy Liability Forum which will take place June 9-10, 2011, at the historic Philadelphia Union League. Last year’s program was a huge success and the program planners are expecting the turnout to be even bigger this year.

NetDiligence and HB Conferences have teamed up to pull together thought leaders in the cyber/privacy industry to address the most urgent subjects. The program is fully accredited for continuing education and is priced at a level firms and companies will find attractive.

Over the course of a day an a half, we will present 45 industry-leading experts. I will help moderate the Conference, together with my Co-Chairs, Oliver Brew of Hiscox USA, Toby Merrill of ACE Professional Risk and Meredith Schnur of Wells Fargo Insurance Services USA. Also featured will be a keynote address by Jeffrey L. Seglin, nationally syndicated columnist of The Right Thing and author of The Right Thing: Conscience, Profit and Personal Responsibility in Today’s Business.

For program and registration information, go to I look forward to seeing you there!

Create PDF    Send article as PDF