Heartland CEO Now Under SEC Investigation

February 26, 2009 by ADMIN

Share |

By Anthony M. Freed, Information-Security-Resources.com Managing Editor

During Heartland Payment Systems (HPY) quarterly Earnings conference call, CFO and President Robert Baldwin revealed that Heartland is indeed under SEC investigation, although exactly why they are being investigated has not been released.

Company President and Chief Financial Officer Robert Baldwin Jr. disclosed the investigations during Heartland’s quarterly conference call with investigators (sic) Tuesday, saying that the SEC had launched an informal inquiry into the company and that there is also a related investigation by the Department of Justice. The U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), which regulates national banks and their service providers, has launched an inquiry, as has the FTC, he said.

Reached Wednesday, a Heartland spokesman could not say why the SEC was investigating the company.

However, the investigation may relate to stock trades made by Heartland Chairman and CEO Robert Carr after Visa notified Heartland of suspicious activity on Oct. 28, 2008. According to insider trade filings, Carr sold just under US$8 million worth of stock between Oct. 29 and the day the breach was disclosed. Heartland’s stock was trading in the $15-to-$20 range for most of these transactions, but it dropped following the breach disclosure. It closed Wednesday at $5.49.

This is trenchant to my January 29 analysis raising the possibility that knowledge of the 2008 information breach may have influenced stock trades by Heartland CEO Robert O. Carr.

The article prompted an email response directly to me from Heartland’s outside counsel, in which they categorically denied any illicit trading activity on the part of Carr:

At the time of this announcement, Mr. Carr was not under any trading restrictions pursuant to the company’s insider trading policy and was not in possession of any material non-public information concerning the company. Under this 10b5-1 plan, programmed sales of company stock were made on Mr. Carr’s behalf, and he had no discretion regarding the timing or other aspects of those sales.

Although he was not required to do so, Mr. Carr terminated his 10b5-1 when the company confirmed the security breach it disclosed in the company’s press release of January 20, 2009. As has been reported, Heartland first learned of a potential problem from the card associations on October 28th of last year, well after the announcement of this 10b5-1 plan. Heartland categorically denies that Mr. Carr was aware of a potential security breach at the time he adopted his trading plan.

As CEO of the sixth largest payment card processor, I would hope that Carr would at times possess some non-public information on the company he built, but that is a topic for a different discussion on overall CEO performance levels and our failing economy.

Here is the time line of the breach and Carr’s trades so far:

May 14, 2008: Breach reported to have began

May 20, 2008 Carr Makes first stock sale of the year, 2695 shares

August (first week), 2008: CEO Robert Carr’s 10b5-1 is proposed

August 8, 2008: Board approves 10b5-1 plan

August 8 - August 14, 2008: Carr makes six separate sales of stocks totalling 60,000 shares

August 19, 2008: Breach reported to have ended

August 28, 2008: Carr sells 80,000 shares

September 3, 2008: Carr sells 80,000 shares

September 17, 2008: Carr sells 80,000 shares

October 15, 2008: Carr sells 80,000 shares

October 28, 2008: Visa and MasterCard notify Heartland of problems; Carr sells 80,000 shares

November 6, 2008: Carr sells 80,000 shares

November 20, 2008: Carr sells 80,000 shares

December 11, 2008: Carr sells 80,000 shares

December 26, 2008: Carr sells 42,900 shares

January 7, 2009: Carr sells 80,000 shares

January 12, 2009: Carr suspends his 10b5-1 stock selling plan

January 20, 2009: Breach Announced

Sources: (http://www.secform4.com/insider-trading/1144354.htm)

(http://www.2008breach.com/)

Revelations that the SEC is investigating the stock trades comes on top of class action lawsuits spurred by the breach, as well as a steady decline in stock price.

Heartland has also been hit with a class-action lawsuit relating to the breach, which was publicly disclosed on Jan. 20. “We may, in the future, be subjected to other governmental inquiries and investigations,” Baldwin said during the call. “We intend to vigorously defend any claims asserted against us.”

An unofficial transcript of Heartland’s call can be found here.

The Heartland breach, which has now affected more than 500 banks across the country, leaving an untold number of consumers at risk of financial identity theft and Heartland stakeholders with a loss exceeding 50% in about one month’s time.

There is also another undisclosed breach which we are hearing about. The breach itself has already been confirmed by Visa, and it is possible the breach will exceed Heartland in size.

Our team has been predicting that 2009 will be the year that InfoSec moves to the forefront of the economic crisis with Homeland Security implications. We believe the somewhat obscure issue will be as familiar to the American public as the notorious subprime and pay option ARMs have in the last year or two.

Much like the meltdown of the mortgage industry, the revelations of lax governance in the handling of sensitive and private data will likely shock the public and the business community alike, and those revelations are bound to come all too painfully slow, especially for shareholders.

The data loss debacle at Heartland highlights the fact that the failure to secure information is the next major shareholder derivative, director and officer liability, regulatory, consumer product safety, and class-action issue to impact our economy.

More updates to follow.

* * *

Stay Informed With ISR News Alerts:

* * *

Anthony is a researcher, analyst and freelance writer who worked as a consultant to senior members of product development, secondary, and capital markets from the largest financial institutions in the country during the height of the credit bubble. Anthony’s work is featured by leading Internet publishers including Reuters, The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, and ML-Implode.

The Author gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

These icons link to social bookmarking sites where readers can share and discover new web pages.