
This is page 2 of:

Heartland Lawsuit Dismissed, “Insufficient Evidence” Of Weak Security

December 10th, 2009

But Thompson reviewed the full audio of that conference call and sided with Heartland. “Careful attention to context demonstrates that Defendants’ statements and omissions on this conference call are not fraudulent. The analysts’ questions concerned certain expenditures that Heartland made during the fourth quarter of 2007. Obviously, any incident that prompted those expenditures would have occurred before the expenditures were made. The SQL attack occurred on December 26, far too late in the quarter to have been the cause for the million-plus dollar expenditure that was the subject of the analysts’ questions,” she said in her decision. “If the analysts had simply asked ‘Did you suffer a security lapse in fourth quarter 2007?’ then Defendants’ answers might very well have been misleading. But the analyst was specifically asking whether Heartland suffered a security incident that caused the large fourth quarter IT expenditure. Since the SQL attack did not cause the fourth quarter security expenditure, Defendants answered truthfully when they answered in the negative.”

Thompson also discussed another exchange on that call, one where the CFO compared Heartland to the infamous TJX data breach. “Plaintiffs allege that Defendant Baldwin made one other misrepresentation on the February 13 conference call—the following statement: ‘With IT security, you’re either pregnant or you’re not. And I think it would be irresponsible for us to know that we have vulnerabilities in our system where we could have something really bad happen that would put the Company in a TJ Maxx position. Now, fortunately, we’ve never had anything close to that happen, but we could see a scenario where that could have happened. We don’t see that anymore.'”

The judge said that the plaintiff “argues that this statement is untrue because Heartland had in fact suffered a significant security breach—the SQL attack. However, this Court does not read the above paragraph as concealing that fact. A ‘TJ Maxx position’ presumably refers to an incident in 2005 when hackers breached the (TJX) computer network and gained information on 45 million credit and debit card accounts. As of February 2008, hackers had not stolen any credit card information from Heartland. So at the time the above statement was made, Heartland had not suffered the sort of security problem to which Baldwin was alluding. In other words, in the above-quoted passage, Baldwin was talking about security breaches that resulted in major financial problems. There are no allegations to the effect that, as of February 2008, Heartland had suffered any major headline-making problems of the sort T.J. Maxx experienced in 2005. Furthermore, Baldwin did not categorically assert that Heartland had never suffered any security problems. He merely stated that Heartland had not suffered anything ‘close to’ what (TJX) had suffered. His statement was therefore truthful.”



5 Comments | Read Heartland Lawsuit Dismissed, “Insufficient Evidence” Of Weak Security

  1. Anthony M. Freed Says:

    As far as I know, the SEC investigation is still underway, and an indictment would certainly see this lawsuit revisited, perhaps in another jurisdiction – either where a plaintiff resides, where a data center is located, or Cal-litigate-afornia, where it is fairly easy to sue anyone.

    The judge’s opinion was strong regarding the likelihood that Carr and Baldwin will be sanctioned for misleading statements to investors, but it certainly did not dismiss the notion that material adverse information was deliberately withheld from investors between December of 2007 and January of 2009.

    The dismissal also does little to undermine charges of possible insider trading by HPS executives, the crux of the SEC investigation.

    And let us not forget that more financial impact from the breach cleanup is to be expected, which already had Heartland backpedaling on their last quarterly earnings statement to the tune of nearly $80M.

    The ruling was definitely a victory for Heartland, but potential liabilities still threaten the company’s viability, with their market cap at about $430m.

    If Heartland’s liabilities begin to approach the $200m to $250m range, Heartland could likely file for BK. We certainly have not heard the last of this breach.

  2. Evan Schuman Says:

    Anthony is clearly correct that anyone can sue anyone for anything in this country and the SEC can probe almost anything it wants. But whether or not you happen to agree with the federal judge’s decision in this case, her decision was clearly articulate. In other words, she laid out her thinking and evidence for all to see, so observers can judge for themselves whether the ruling has merit.
    But I do take slight exception to Anthony’s comment that the judge’s ruling “certainly did not dismiss the notion that material adverse information was deliberately withheld from investors between December of 2007 and January of 2009.” Actually, it did indeed dismiss that. That was the basis of her ruling, that she saw no material information deliberately withheld from anybody. You can certainly disagree with her conclusion but you can’t say that she didn’t dismiss that scenario. She clearly did.

  3. Anthony M. Freed Says:

    Very true – and I should clarify by saying that given the outcome of the SEC investigation, Heartland executives could very well face a charge of withholding material information both criminally and in civil litigation.

    The judge’s decision is not based on all the facts and information that may be available after the SEC weighs in, but is based on the facts and arguments presented in the plaintiffs’ complaint, which was dismissed.

    And a dismissal is not an acquittal. It does not necessarily reflect on the validity of the allegations per se, as much as it is a ruling on the validity of the complaint as filed.

    I would not rule anything out yet.

  4. Evan Schuman Says:

    It’s absolutely fair to say that an SEC probe could easily be aware of things that a civil lawsuit judge may not.
    But, to be fair, a dismissal in a federal civil lawsuit is more significant than you’re suggesting. It either indicates a lack of validity to the complaint or VERY bad counsel filing that complaint. The threshold to have a civil lawsuit proceed to trial is quite low in the U.S., and I’ve covered enough ludicrous civil trials to know that all too well.
    For a judge–especially a federal judge–to dismiss a lawsuit, the judge pretty much has to conclude that the accusations and support points made are absolutely without merit. In this instance, the complaint didn’t even support its own accusations. It’s not like the plaintiffs accused Heartland of XXXX and Heartland disputed it with documents or a witness. The judge looked at the plaintiff’s own claims and concluded that they weren’t making a good enough case to even go to trial.
    Again, Anthony, I’m agreeing with you that an SEC probe could go in a different direction, but let’s not make light of a federal judge ordering a complete dismissal with prejudice. That’s not something that happens every day.

  5. Anthony M. Freed Says:

    Agreed!
