Consumer Suit over Hacking of Credit Card Data to Move Forward to Trial

Rothken Law Firm announces that on September 23rd, 2005 the Court denied defendants motion to dismiss a consumer class action lawsuit filed by California credit card holders against CardSystems Solutions, Inc., Visa, MasterCard, and Merrick Bank alleging a failure to maintain adequate data security and provide proper notice of a security breach exposing over 40 million credit card holders to potential fraud.

The Court indicated in a separate hearing on September 27, 2005 that the case will proceed to trial to determine if Visa and MasterCard are covered by a new California law, Civil Code Section 1798.82, requiring companies to give consumers written notice of a data security breach.

The suit, filed in San Francisco Superior Court, alleges that CardSystems Solutions was negligent for failing to adequately secure consumers’ credit card data, and for breaking Visa and MasterCard “Data Security Standards” which prohibit storing certain kinds of confidential consumer information.

The lawsuit alleges that CardSystems Solutions, Merrick Bank, Visa and MasterCard have violated their duty to timely and properly inform consumers of the nature and degree of the alleged security breach. The suit claims that defendants’ conduct violated California’s “notice of security compromise” statute — Civil Code Section 1798.82.

In a separate hearing on September 27, 2005 the Court indicated that Visa and MasterCard, in preparation for trial, will be required to hand over internal documents to plaintiffs’ counsel including agreements with its members and CardSystems, data licenses, and writings involving who was permitted to use, view, store, and access the data that was allegedly hacked.

The lawsuit seeks a declaration from the Court that defendants violated the standard of care in its data security methods and that card holders are entitled to notice of the nature and extent their private credit card data was compromised and on-going credit monitoring to prevent fraud.

“We are very pleased that the Court denied Visa’s and MasterCard’s motion to dismiss and that the consumer case is moving forward to trial,” said Ira Rothken, counsel for the plaintiffs. “We look forward to the Court providing guidance on whether Visa and MasterCard are required to give notice to consumers of data theft under the new California law — consumers, in our view, have the right to be immediately informed if the privacy and security of their credit card information have been violated so they can make an informed decision on whether to change account numbers or take some other prompt remedial action to prevent fraud and identity theft.”