Slashdot Mirror
Heartland Security Breach Class Action: Victims $1925, Lawyers $600,000
Fluffeh writes "Back in 2007, Heartland had a security breach that resulted in a 130 million credit card details being lifted. A class action suit followed and many thought it would send a direct message to business to ensure proper security measures protecting their clients and customers. With the Heartland case now over and settlements paid out and divided up, the final breakdown is as follows: Class members: $1925 (11 cases out of 290 filed were 'valid'). Lawyers for the plaintiff class action: $606,192. Non-Profits: around $1,000,000 (The Court ruled a minimum of $1 million in payouts). Heartland also paid its own lawyers around $2 million. Eric Goldman (Law Professor) has additional commentary on his Law Blog: 'The opinion indicates Heartland spent $1.5M to advertise the settlement. Thus, it appears they spent over $130,000 to generate each legitimate claim. Surprisingly, the court blithely treats the $1.5M expenditure as a cost of doing business, but I can't wrap my head around it. What an obscene waste of money! Add in the $270k spent on claims administration, and it appears that the parties spent $160k per legitimate claimant. The court isn't bothered by the $270k expenses either, even though that cost about $1k per tendered claim (remember, there were 290 total claims).'"
$2k total out of almost $4m on the case is *justice* when being sued for a credit card breach?
I don't know... I think the article summed it up pretty nice:
Actual victims got: $1925
Heartland spent $1.5 million to find the people to give out that $1925.
Somewhere around $998,075 goes to non-profits
The lawyers who brought the lawsuit? They got $606,192.50. For helping 11 people get less than $200 each.
Nice work if you can get it.
This lady opted out of a class action and took Honda to small claims court and won.
http://www.insurancejournal.com/news/west/2012/02/03/234115.htm
I love Jesus, except for his foreign policy.
Laws are written by lawyers, administered by lawyers, and judged by lawyers.
You can't understand laws without lawyers, you can't hope to defend yourself in court without a lawyer.
You do realize the system is set up to require a lawyer, right?
And no lawyer has any real stake in simplifying or reducing the input of lawyers.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
That might be the most idiotic thing I have ever read. What constitutes justice about paying money to a infinitesimal minority of the total affected people?
Because the total affected people were barely affected, and none of them would have been able to get a lawyer to fight this individually for them.
What is justified about paying lawyers a salary for this boondoggle?
They fronted the expense for the lawsuit and fought it... for 5 years. They managed to catch the company doing something really, really wrong, fought them in court, and won, forcing the company to change their ways. What isn't justified about paying them for that 5 years of work?
You're trying to imply there was nothing better that could have been done with millions of dollars?
I'm sure the company's CEO would have liked to buy another jet with it.
The courts shouldn't care about costs. Right. That's a pretty stupid attitude.
Thinking lawyers shouldn't get paid when they force a company to stop being evil is a pretty stupid attitude, too.
Most of them end up with the actual aggrieved getting $20 and the lawyers getting the six-figure payout.
Most of them take years and the lawyers don't get paid until the end. What's wrong with someone getting a six-figure payout for, as in this one, 5 years of work? Particularly when that six figure payout is divided among all of the lawyers on the team, their paralegals, their secretaries, their IT guy, etc.? You think IT guys should have to work for free?
The time has come for the legal profession to become fully accountable to the public like the rest of the white collar professions. Lawyers should not sit on the Bar associations; businessmen, doctors, engineers, etc. should be the ones judging the professional conduct of lawyers. Lawyers have little to no education in these matters but deem themselves fit to judge every facet of how we do our work. Why is it then so outrageous to think that similarly intelligent and educated people from different fields should be the ones judging their ethics, billing practices, etc.?
The current system of class action lawsuits is not libertarian. It is an opt out system. The plaintiffs get to include you in the class seeking the lawsuit without your permission. This is completely backwards on how it would work in a free system. In a free system a plaintiff could ask if you want to join them and you are free to do so. The current system is only supported by regulations that allow a plaintiff to include you without your consent. They just send you a very lengthy scary legal letter that you have to sign to opt out. Most people including myself don't sign them because I don't want to read 20 pages of legal jargon and sign my name to it.
I love Jesus, except for his foreign policy.
And a grand total of $0 towards preventing any future data breaches.
A fair settlement in any data loss case would include significant steps taken towards preventing the same thing from happening again.
Absolutely right. Any legal system is anti-libertarian. Mob rule, now that's libertarian justice!
If your bank removed all of the fraudulent charges, then you do not have a loss.
As someone who has had a fraudulent charge on my account, and as the person who submitted this story, I am amazed by your statement. I chased my (previous) bank for three weeks, made numerous phone calls and had to go into a branch twice to get my account re-imbursed the charges. If you can call that "no loss" then you must clearly place exceptionally little value on your own time and effort. Even if the bank reimbursed me for my time at my normal salary-per-hour rate, it would have been substancially more than the measly $200 that Heartland paid out to these 11 "valid" claims.
I am also quite curious about how you can claim that out of 130,000,000 credit card details that were stolen, a $2,000 settlement to victims who were really "found" is okay. People who pinch credit card details don't do it because they are bored. They don't do it to see if they can. Someone clever enough to do this sort of operation is very much likely going to sit on the cards for a while, then charge them $1 each with a statement comment of "interest fee" or "aministration fee", sell them to others for a pittance in bunches and have them see what they can rifle through before they are caught (which means that countless individuals again go through a laborious process of showing that it wasn't them spending the cash) or any other number of means to money without getting caught. I would have hoped that this class action case would have been a resounding "Pay attention to security of your customers, else it will cost you a LOT of money" message to all the other merchants out there, but sadly it has been much more of a "Meh, you win some, you lose some, you still foot the bill to the customers in the long run..." message. It is nothing short of shameful.
Moved to http://soylentnews.org/. You are invited to join us too!
I chased my (previous) bank for three weeks, made numerous phone calls and had to go into a branch twice to get my account re-imbursed the charges
I would suggest changing banks then. I've had my credit card stolen too. I called my bank, they refunded the charge to the card while they investigated, and sent me a letter to sign. Received it a week later, signed it (1 statement, and a checkbox, IIRC), and sent it back. Received a replacement card about the same time. About 6 week later, they sent me a letter saying they finished the investigation, and removed the charge from the account.
I am also quite curious about how you can claim that out of 130,000,000 credit card details that were stolen, a $2,000 settlement to victims who were really "found" is okay.
The lawyers spent $1.5m contacting each of those people asking if they had any losses. 11 is all they could find.
And it isn't like these 130 million people aren't known. After the breach, auditors, forensic investigators come in.. The banks know who each and everyone of these people are. It would have all been disclosed after the breach was discovered.
"Discourage litigation. Persuade your neighbors to compromise whenever you can. Point out to them how the nominal winner is often a real loser -- in fees, expenses, and waste of time. As a peacemaker the lawyer has a superior opportunity of being a good man. There will still be business enough."
--Abraham Lincoln
And who would write a bill to reform the system? Lawyers?
What is wrong IMHO is that the lawyers get to put people in the Class by default. You have to specifically sign a document to be removed from the class. Most people just throw those away because they are long and confusing. It would be different if the lawyers had to advertise and convince you to be a part of the class. This could be handled much easier by people taking these companies to small claims court.
Except that it couldn't... The damages for any individual person may be only that $2k... Are you willing to spend two or three weeks producing documents, responding to delaying motions from the other side, attending depositions, arguing in court, filing motions of your own, etc. for $2k? Or, where could you find a lawyer to do that work for you for those weeks for 33% of your $2k compensation?
You can't. Which is why these small suits would almost never (and, prior to class action suits, did never) get filed. And the companies know this - they know if they do something slightly evil and take a few pennies or dollars from each customer, those customers aren't going to spend the time or money to bring suit, so they'll just let it slide... and with enough customers, that company can make millions upon millions. Call it the Superman III tactic.
And incidentally, elsewhere in the comments, people mention the one woman who took Toyota to small claims court over her Prius mileage, and how, since she won, there's no need for lawyers and everyone can do the same thing. What they don't mention is that she was an unemployed lawyer with plenty of time to sit in court.
I don't know... I think the article summed it up pretty nice:
Actual victims got: $1925
Heartland spent $1.5 million to find the people to give out that $1925.
Somewhere around $998,075 goes to non-profits
The lawyers who brought the lawsuit? They got $606,192.50. For helping 11 people get less than $200 each.
Nice work if you can get it.
The lawyers who brought the lawsuit got $606k for helping 11 people get $2k and helping nonprofits get $1000k. Oh, and those lawyers spent 5 years doing it. And they had to pay all the costs up front, so don't forget the compound interest. And they have to pay their paralegals, staff, IT guy, rent, etc. for those 5 years. The individual lawyers probably ended up making about $20-30k per year. Not nearly as nice work, unless you can take on five or six of these at once.