Slashdot Mirror
Heartland Security Breach Class Action: Victims $1925, Lawyers $600,000
Fluffeh writes "Back in 2007, Heartland had a security breach that resulted in a 130 million credit card details being lifted. A class action suit followed and many thought it would send a direct message to business to ensure proper security measures protecting their clients and customers. With the Heartland case now over and settlements paid out and divided up, the final breakdown is as follows: Class members: $1925 (11 cases out of 290 filed were 'valid'). Lawyers for the plaintiff class action: $606,192. Non-Profits: around $1,000,000 (The Court ruled a minimum of $1 million in payouts). Heartland also paid its own lawyers around $2 million. Eric Goldman (Law Professor) has additional commentary on his Law Blog: 'The opinion indicates Heartland spent $1.5M to advertise the settlement. Thus, it appears they spent over $130,000 to generate each legitimate claim. Surprisingly, the court blithely treats the $1.5M expenditure as a cost of doing business, but I can't wrap my head around it. What an obscene waste of money! Add in the $270k spent on claims administration, and it appears that the parties spent $160k per legitimate claimant. The court isn't bothered by the $270k expenses either, even though that cost about $1k per tendered claim (remember, there were 290 total claims).'"
Or are you going to whine about the lack of a free market legal system?
$2k total out of almost $4m on the case is *justice* when being sued for a credit card breach?
Most of them end up with the actual aggrieved getting $20 and the lawyers getting the six-figure payout.
This is sickening. No one in their right mind would argue otherwise. When lawyers make the rules (be it through lobbies or becoming lawmakers themselves), they favor their kind.
We're becoming more and more a society in which the do-nothings make out like bandits. That can't last much longer, can it?
Look at the google ads that came up on this page,
Injury Compensation Claim
How Much Is Your Injury Worth? Free Evaluation With An Attorney!
Get Cash From Lawsuit Now
Don't Wait For Settlement-Get Cash Now-If You Don't Win-You Pay Zero!
Medical Malpractice Case
Pain & Suffering from Your Injury? Talk to a Local Attorney for Free.
I don't know... I think the article summed it up pretty nice:
Actual victims got: $1925
Heartland spent $1.5 million to find the people to give out that $1925.
Somewhere around $998,075 goes to non-profits
The lawyers who brought the lawsuit? They got $606,192.50. For helping 11 people get less than $200 each.
Nice work if you can get it.
This lady opted out of a class action and took Honda to small claims court and won.
http://www.insurancejournal.com/news/west/2012/02/03/234115.htm
I love Jesus, except for his foreign policy.
That might be the most idiotic thing I have ever read. What constitutes justice about paying money to a infinitesimal minority of the total affected people? What is justified about paying lawyers a salary for this boondoggle? You're trying to imply there was nothing better that could have been done with millions of dollars?
The courts shouldn't care about costs. Right. That's a pretty stupid attitude.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
No one expects the lawyers to work for free but the lack of a true plaintiff in class action suits creates a situation where the lawyers can strike a deal best for them and not the client. What we need is the ability to class action sue lawyers for unfairly enriching themselves via class action suit...
the whole point of the justice system is to make the process so expensive that a company or individual will think twice the next time about committing a tort or not following the law
if there is no economic penalty then people will just break the law if it doesn't cost them anything
let's get rid of one of the last weapons the people have against corporate abuse
well other than actual weapons. Let's ask Marie Antoinette how that worked out.
Snowden and Manning are heroes.
Laws are written by lawyers, administered by lawyers, and judged by lawyers.
You can't understand laws without lawyers, you can't hope to defend yourself in court without a lawyer.
You do realize the system is set up to require a lawyer, right?
And no lawyer has any real stake in simplifying or reducing the input of lawyers.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
That might be the most idiotic thing I have ever read. What constitutes justice about paying money to a infinitesimal minority of the total affected people?
Because the total affected people were barely affected, and none of them would have been able to get a lawyer to fight this individually for them.
What is justified about paying lawyers a salary for this boondoggle?
They fronted the expense for the lawsuit and fought it... for 5 years. They managed to catch the company doing something really, really wrong, fought them in court, and won, forcing the company to change their ways. What isn't justified about paying them for that 5 years of work?
You're trying to imply there was nothing better that could have been done with millions of dollars?
I'm sure the company's CEO would have liked to buy another jet with it.
The courts shouldn't care about costs. Right. That's a pretty stupid attitude.
Thinking lawyers shouldn't get paid when they force a company to stop being evil is a pretty stupid attitude, too.
The time has come for the legal profession to become fully accountable to the public like the rest of the white collar professions. Lawyers should not sit on the Bar associations; businessmen, doctors, engineers, etc. should be the ones judging the professional conduct of lawyers. Lawyers have little to no education in these matters but deem themselves fit to judge every facet of how we do our work. Why is it then so outrageous to think that similarly intelligent and educated people from different fields should be the ones judging their ethics, billing practices, etc.?
And a grand total of $0 towards preventing any future data breaches.
A fair settlement in any data loss case would include significant steps taken towards preventing the same thing from happening again.
I've gotten several letters asking me to join class action lawsuits, and I always send them straight to the trash.
These suits aren't going to result in any meaningful personal compensation for any harm or inconvenience you have suffered. The only time I would even consider participating is if I thought it was a case of such egregious bad behavior that the company needed to be punished.
Sheesh, evil *and* a jerk. -- Jade
meh... I don't know... there's a reason the court was ok with awarding $2k to those 11 people.
Fact is, when your credit card is stolen, by law you're limited to paying $50 (and most bank's don't even ask you to pay that). Everything else is recovered from the merchants who accepted the fraudulent charges, and removed from the credit card balance. The bank then replaces the credit card (something Heartland would have been responsible for paying for as part of their merchant agreement).
If your bank removed all of the fraudulent charges, then you do not have a loss. Courts cannot reimburse you for fictional or imaginary losses. Furthermore, this isn't your social security number... when the credit card is replaced, the card number is changed, which means there won't be any additional fraudulent charges.
$2k is probably what those 11 people could prove they were out as a result of the breach.
If the point of the trial is to determine guilt and punishment, that should be a job for criminal court. Civil courts exist to compensate those harmed, not just their lawyers.
I'd like to see reform of the system to dictate a maximum payout to plaintiff's lawyers of less than 25% of the amount awarded to plaintiffs.
I don't live in a place where CCs are all that common, but in the US, isn't it common to use the CC number for recurrent billing? Won't this force you to spend a lot of time contacting each service provider to update that info? I think that would be a very real loss.
Dilbert RSS feed
If your bank removed all of the fraudulent charges, then you do not have a loss.
As someone who has had a fraudulent charge on my account, and as the person who submitted this story, I am amazed by your statement. I chased my (previous) bank for three weeks, made numerous phone calls and had to go into a branch twice to get my account re-imbursed the charges. If you can call that "no loss" then you must clearly place exceptionally little value on your own time and effort. Even if the bank reimbursed me for my time at my normal salary-per-hour rate, it would have been substancially more than the measly $200 that Heartland paid out to these 11 "valid" claims.
I am also quite curious about how you can claim that out of 130,000,000 credit card details that were stolen, a $2,000 settlement to victims who were really "found" is okay. People who pinch credit card details don't do it because they are bored. They don't do it to see if they can. Someone clever enough to do this sort of operation is very much likely going to sit on the cards for a while, then charge them $1 each with a statement comment of "interest fee" or "aministration fee", sell them to others for a pittance in bunches and have them see what they can rifle through before they are caught (which means that countless individuals again go through a laborious process of showing that it wasn't them spending the cash) or any other number of means to money without getting caught. I would have hoped that this class action case would have been a resounding "Pay attention to security of your customers, else it will cost you a LOT of money" message to all the other merchants out there, but sadly it has been much more of a "Meh, you win some, you lose some, you still foot the bill to the customers in the long run..." message. It is nothing short of shameful.
Moved to http://soylentnews.org/. You are invited to join us too!
I chased my (previous) bank for three weeks, made numerous phone calls and had to go into a branch twice to get my account re-imbursed the charges
I would suggest changing banks then. I've had my credit card stolen too. I called my bank, they refunded the charge to the card while they investigated, and sent me a letter to sign. Received it a week later, signed it (1 statement, and a checkbox, IIRC), and sent it back. Received a replacement card about the same time. About 6 week later, they sent me a letter saying they finished the investigation, and removed the charge from the account.
I am also quite curious about how you can claim that out of 130,000,000 credit card details that were stolen, a $2,000 settlement to victims who were really "found" is okay.
The lawyers spent $1.5m contacting each of those people asking if they had any losses. 11 is all they could find.
And it isn't like these 130 million people aren't known. After the breach, auditors, forensic investigators come in.. The banks know who each and everyone of these people are. It would have all been disclosed after the breach was discovered.
Interestingly, if the company had decided to just pay all 290 claimants their $2000 and not pay the laywers anything, they would have had around $1.5 million to blow on executive bonuses.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
...except you are neglecting the actual breach.
You are also glossing over the actual cost of litigating this.
This is basic pro-corporate propaganda.
It would be nice if there were some criminal cause of action here and the relevant prosecutor(s) actually cared. In the absence of that, the only thing keeping the Soylent Corporation at bay is some self-interested lawyer.
A Pirate and a Puritan look the same on a balance sheet.
I personally haven't experienced abuse of my card details - so far as I know. But if I did, how could I tell who was responsible - especially when there are vast leaks like this? It seems like it would be more fair to have an industry-wide fund to compensate victims, which the leaking companies would pay into proportionately to the number of valid details leaked.
My parents lost ~$2.5 million in a ponzi scheme. They caught up with the guys who perpetrated it, and all of the clients were automatically added to a class-action suit against them preventing my parents from pursuing their own legal action. The class-action lawyers actually threatened to inhibit an individual case if my parents opted out.
Eventually, they won, and they recovered several tens of millions from these people to cover the ~$72 million he bilked the customers for. A percentage of investment that would be returned was decided on and it worked out to be about $800,000 for my parents. Well, because it was a class-action suit, the lawyers took nigh to 80% of that money. My parents were awarded about $35,000, and the lawyer kept the other $765,000 as their 'fee'.
Consider they did this to all of the plaintiffs. They ended up with OVER 80% of the people's money who were screwed out of their life savings, and ruined by these people. Several 80-year-old ladies who had their entire $60,000 retirement fund stolen, who were only returned $250 and subsequently went bankrupt and lost their health insurance. I haven't followed up, but I would be surprised if at least one of them hasn't experienced medical trouble or death as a result of this 'fee' keeping them from their just returns.
The lawyers did the same thing as the original criminals to these people. Who are the REAL criminals here?
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
"Discourage litigation. Persuade your neighbors to compromise whenever you can. Point out to them how the nominal winner is often a real loser -- in fees, expenses, and waste of time. As a peacemaker the lawyer has a superior opportunity of being a good man. There will still be business enough."
--Abraham Lincoln
I'd guess that very few people with recurrent credit card billing have more than a half dozen organizations involved with that. Most of those can be updated via the internet. Less than an hour and the job's done. It's something that has to be done every few years anyway, as the expiration date changes.
Contribute to civilization: ari.aynrand.org/donate
And who would write a bill to reform the system? Lawyers?
Not really. Most of those if not all will reach out to you if the card fails for some reason, and I've found that explaining what happened will get them to forgive you for any kind of perceived breach of conduct or contract.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I don't know... I think the article summed it up pretty nice:
Actual victims got: $1925
Heartland spent $1.5 million to find the people to give out that $1925.
Somewhere around $998,075 goes to non-profits
The lawyers who brought the lawsuit? They got $606,192.50. For helping 11 people get less than $200 each.
Nice work if you can get it.
The lawyers who brought the lawsuit got $606k for helping 11 people get $2k and helping nonprofits get $1000k. Oh, and those lawyers spent 5 years doing it. And they had to pay all the costs up front, so don't forget the compound interest. And they have to pay their paralegals, staff, IT guy, rent, etc. for those 5 years. The individual lawyers probably ended up making about $20-30k per year. Not nearly as nice work, unless you can take on five or six of these at once.
it could be settled in a matter of weeks or a month or two
Do you have experience litigating complex cases?
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
The problem is that the lawyers negotiated both for their own pay and for the final payout. Could they settled 3 years earlier, got 5 times as much money for each of the victims, with the company paying less overall (saving money in payments to their own lawyers and to the class action lawyers)?
But why should the class action lawyers settle? The longer they drag out the case, the more money they get - regardless of the benefit to the victims. In a normal lawsuit, the plaintiff can accept the settlement over the objections of the lawyer. The plaintiff is, after all, the person who initiates the action and has the power to end it. In a class action lawsuit the plaintiffs don't have any control.
I'm not saying class action lawsuits are completely bad - most people wouldn't bother to sue at all - but the current system provides very little benefit to the victims. It is primarily a jobs program for lawyers.
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
"Nice work if you can get it." For making $606,192.50 over FIVE YEARS? Consider how many thousands of hours they had to spend on the case, that doesn't sound like nice work at all.
As a lawyer who has worked on large class actions, it's difficult to settle early. First, corporate defendants usually won't even consider settling until the case has gone on long enough for them to realize they did something wrong. Second, it's unethical to even make a settlement offer on the plaintiff's side unless you know how many people were affected, and the approximate damages they suffered, which can take a long time to figure out. Also, to foreclose accusations of thievery and predation, no, they weren't "coupon" cases, I never got rich working on class action cases, and in every single case I was involved many, many class members recovered far more than I made.
"But why should the class action lawyers settle? The longer they drag out the case, the more money they get - regardless of the benefit to the victims."
Not really, if it's a contingency case, which they usually are.
It took them (the lawyers on both sides) 5 years to agree how to split the profits.
The judge would not judge something too defavorable to the lawyer, just to avoid setting bad precedent (better a justice that favor the lawyers than impunity, no?).
There is plenty of down time in a 5 years proceeding, possibly years with little to no action at all expect for a paralegal pushing some paper around a few times, and this type of case is very unlikely to fail after the initial leg work.
Maybe not the money printing scheme /. crowd think generally, but certainly not a bad business model in this economy.
Do you expect the lawyers to work for free? Seriously, how much time do you think they spent on this case? Do you think they were paid the entire time they were working on it? Odds are they weren't.
Whoa there, cowboy. You've only described ONE aspect of the harm done to these people. There's also a very high risk of identity theft that will come to bite them in the ass later. You can't simply ignore that.
That is an absolute crock of bullshit. Tell me, if you were one of these people, would you be willing to spend 5 years of your time, and god knows how much in expenses and court costs to sue this company? Of course you wouldn't.
You are posting on a case where the lawyers got $660K to the plantiff's $2K. Been a while since I took math, but that is more than 80%. The "but they worked on it for 5 years!" defense strikes me as unlikely, in that it didn't take 5 full years out of their lives - they were running other cases in the meantime. Every case will have substantial downtime waiting for investigators to complete investigations, legal response timeframes to expire, deliberate delays by one side or the other for some tactical reason, etc.
I was personally dragooned into a class action in which the settlement was: all the lawyers get money (pool of 1.5Mil or so), plantiffs get justice in the form of a company that no longer existed (sold out to competitor) fixing some of it's now meaningless paperwork. WooHoo!!!
I'd like to see reform of the system to dictate a maximum payout to plaintiff's lawyers of less than 25% of the amount awarded to plaintiffs.
While we're at it, I'd like to see reform of your industry to cap your pay at a tiny amount as well.
That staff of lawyers were awarded $600k after 5 YEARS of work. They weren't being paid by these people in the meantime. Sliced up, and after paying rent on their offices, and for the rest of their staff, that's not a whole hell of a lot.
That's not even a question. Nobody said the lawyers shouldn't get paid. It's the plaintiffs who deserve more than a nearly nonexistent payout.
I'm sickened by the pervasive knee-jerk reaction against lawyers I'm seeing in the comments here. The lawyers aren't the problem here. They prosecuted the case for five years, won the case, and still plainly lost money in the pursuit of justice. Greedy? No, you're just being willfully ignorant.
The real problem is the ruling that screwed over the victims and gave Heartland a slap on the wrist. 130 million credit card numbers stolen, 130 million identities stolen! And how much did it cost them? A pittance. And you assholes are complaining abou how greedy the lawyers are?
God forbid you ever need one when your identity is stolen due to your bank's negligence.
The banks whos cards were stolen were informed. That is SOP. What each bank does is up to them.. in most cases, they replace the card (which Heartland would be required to pay for)... but with 130million.. who knows.
They're a credit card processor... they have the card number, the expiration date.. they might have the address line 1 + the zip (not required to be sent by the merchant). They may not even have the full address line 1... since the address verification only uses the first 3 digits of the address line 1 (ie: 1234 main st, is shortened to 123).
What id theft do you think is going to occur with that info?
"The judge would not judge something too defavorable to the lawyer, just to avoid setting bad precedent (better a justice that favor the lawyers than impunity, no?)."
Judges have absolutely no problem knocking down legal fees if they think they're too high. You think a judge who took a huge paycut when he left private practice is going to go out of his way to give a windfall to some lawyer who probably annoyed him during the litigation?
I doubt the 660k is a contingency fee; more likely it was actual fees ordered paid.
Cry me a river. $600k is 300 times what these hardlyworking lawyers recovered for their plaintiffs.
Name me an industry where spending $600k in labor to produce $2k net is considered acceptable.
I'll send you a memo when I'm king.
Do they? Remember the whole fucking point of a class-action: It's so that people who were wronged, but in a small way, can band together and make it cost effective to go after the company for damages. If they were forced to go it alone, how many people do you think would actually pursue action? And how many of them do you think would actually come out on top after legal fees? Hell, how many do you think would actually be able to find a lawyer willing to take their case?
Tell me, do you think the plaintiffs were actually harmed to more than $2k? How much do you think they should receive for a credit card breach?
I find it funny that no one wants to answer that question. They all want to bitch and moan about the ratio of payout to legal fees.
Maybe. But here's something to consider. The payout per plaintiff was $175. Would you hire a lawyer to spend $54000 to recover $175?
I didn't think so.