Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Fifth Circuit Restores Negligence Claim in Data Breach Case

Credit Cards Privacy/Cyber Risk & Data Security

Fintech

On September 2, the U.S. Court of Appeals for the Fifth Circuit restored a group of financial institutions’ negligence claim against a payment processor in Lone Star Nat. Bank v. Heartland Payment Systems, No. 12-20648, 2013 WL 4728445 (5th Cir. Sept. 3, 2013). The restored claim relates to a 2008 data breach of a payment processor’s systems that exposed 130 million credit card numbers to cyberthieves. As a result of the breach, the institutions incurred costs to replace consumers’ compromised credit cards and to refund fraudulent charges. The ruling reversed the district court, which held that New Jersey’s economic loss doctrine barred the institutions’ negligence claim and limited them to seeking contractual remedies from the payment processor. The Fifth Circuit ruled that negligence claims for such losses are permitted where, as here, there is a distinguishable class of plaintiffs who are owed a duty and the defendant is not exposed to boundless liability.