Where Plaintiff's Went Wrong with Heartland Suit

Thursday, August 19, 2010

Carter Schoenberg


One area I continue to grow frustrated with is when a large security breach occurs and yet other than FTC sanctions, not much else happens.

Why? I think its along the same lines as why most CISO's complain that CEO's don't take security as serious as they should. (i.e. they fail to understand what the quantified risk is).

One of the largest differences between 2010 and 2001 is the number of security service providers. Most have been acquired and merged into a much larger organization like SecureWorks, HP, IBM, etc.

What may not be taken into consideration is the fact that this now limits the scope of what a would-be adversary who knows legal tactics to have the ability to leverage a process I designed a few years ago for how you actually go after a company for negligence for a breach in security.

Is it just talk, while granted I am not worth millions, I have successfully forced an organization to settle out of court after receiving the "We are sorry to advise you your PII was compromised" letter.

The long and short of it,.. what would have been roughly $1800 to resolve cost this defendant around $80K between settlement and lawyer fees to work towards a settlement.

I hope all of you enjoy this link and I look forward to your comments!

Information Security & Negligence Targeting the C-Class:


Copy of the subsequently dismissed investor's lawsuit against Heartland:



Possibly Related Articles:
Security Awareness
breaches Heartland
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.