June 30, 2005
A class action lawsuit has been filed by California credit card holders and merchants against Cardsystems Solutions, Inc. and others alleging a failure to maintain adequate data security which led to a security breach exposing over 40 million credit card holders to potential fraud.
The suit, filed in San Francisco Superior Court, alleges that Cardsystems Solutions was negligent for failing to adequately secure consumers' credit card data, and for breaking Visa and MasterCard "Data Security Standards" which prohibit storing certain kinds of confidential consumer information.
The lawsuit alleges that Cardsystems Solutions, Merrick Bank, Visa and MasterCard have violated their duty to timely and properly inform consumers of the nature and degree of the alleged security breach. The suit claims that these violations constitute "unfair, unlawful and deceptive business practices" under California's Unfair Competition Law.
The lawsuit seeks a declaration from the Court that Cardsystems violated the standard of care in its data security methods and that card holders are entitled to notice of the nature and extent their private credit card data was compromised and on-going credit monitoring to prevent fraud.
"There are strong privacy laws and public policies in California protecting consumers' confidential financial information -- consumers, in our view, have the right to be immediately informed if the privacy and security of their credit card information have been violated so they can make an informed decision on whether to change account numbers or take some other prompt remedial action," said Ira Rothken, counsel for the consumer and merchant class plaintiffs.