A class action was filed in the U.S. District Court for the District of New Jersey on behalf of all cardholders in the U.S. whose credit or debit card data was stolen from Heartland Payment System, Inc.'s payment processing network. Heartland processes credit and debit card transactions for more than 150,000 merchants nationwide.

The lawsuit seeks to redress Heartland's failure to safeguard cardholder data, which was accessed and stolen by a computer hacker. Compromised information included credit and debit card numbers and card expiration dates. According to several media reports, 100 million card numbers may have been affected. Fraudulent activity has occurred on some of those cards.

Data thieves reportedly installed malicious software on Heartland's payment processing network as early as May 2008. In late fall 2008, Visa and MasterCard alerted Heartland to suspicious activity on cards that Heartland previously processed. Heartland later announced that in mid-January 2009 it located and contained malicious software on its network. The lengthy delay between when the intrusion began and when it was contained reflects the inadequacy of Heartland's security measures and intrusion detection systems.

Because of Heartland's inadequate data security, cardholders have had their card information compromised, have been exposed to the risk of fraud, have spent and will spend time to monitor their accounts and dispute fraudulent charges, and have suffered other economic damages.