Target Fights to End Bank Suits a Year After Data Breach

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.bloomberg.com/news/2014-11-21/target-fights-to-end-bank-suits-a-year-after-data-breach.html

Target Corp. (TGT) is asking a federal judge to throw out claims by banks
that had to deal with the consequences of a data breach that compromised at
least 40 million credit-card accounts.

Banks alleged the incursion forced them to reissue credit and debit cards,
monitor accounts for fraudulent activity and reimburse those victimized,
all while coping with decreased use of affected cards at the height of last
year’sholiday shopping season.

Five lenders, arguing on behalf of a proposed group including every
financial institution whose customers made Target purchases in 2013 from
Nov. 1 to Dec. 19, say they collectively sustained damages of at least $5
million.

The retailer is scheduled today to ask U.S. District Judge Paul Magnuson in
St. Paul, Minnesota, to reject the case, arguing it dealt with the banks
only through intermediaries, credit card companies, and had no obligation
to protect them.

The argument comes a week before Black Friday, the unofficial start of the
post-Thanksgiving holiday shopping season in the U.S. and a week after the
hardware emporium Home Depot Inc. (HD) disclosed that 53 million e-mail
addresses were taken by hackers in a breach it reported in September that
also put 56 million payment cards at risk.

Neiman Marcus

High-end retailer Neiman Marcus Group Ltd. and Sears Holdings Corp.’s
discount chain Kmart have also been struck by hackers. Staples Inc. (SPLS),
the world’s biggest office-supply chain last month said it too may have
been attacked. As of Nov. 19, it couldn’t fully assess the damage,
according to a filing with the U.S. Securities and Exchange Commission.

Target, based in Minneapolis, said personal information including addresses
and phone numbers of as many as 110 million people might have been obtained
by hackers last year.

The company, which this month hired a new chief risk and compliance
officer, Jacqueline Hourigan Rice, is scheduled to argue on Dec. 11 for
dismissal of consumer claims arising from its data breach.

The banks suing Target contend the company is trying to duck blame for its
failure to safeguard card data.

‘Security Deficiencies’

“Target’s gross security deficiencies enabled the breach, and Target’s
inaction and omissions worsened the breach’s effect on plaintiffs,” the
lenders said in a court filing.

The banks are relying in part on a Minnesota law -- the Plastic Card
Security Act -- to support their claim that Target had a duty to shield
them. The retailer contends the lenders aren’t covered by the measure.

The law prohibits the company from retaining certain card data after a sale
is completed.

Target’s lawyers say the data theft happened at the point of sale and that
the statute doesn’t apply. Bank attorneys counter the company has said it
retained card data and that the retailer voluntarily disabled data system
security functions that would have detected the breach.

The five banks leading the suit are Roseburg, Oregon-based Umpqua Bank;
Whitman, Massachusetts-based Mutual Bank; CSE Federal Credit Union of Lake
Charles, Louisiana; St. Francis, Minnesota-based Village Bank; and First
Federal Savings of Lorain, in Lorain, Ohio.

The case is In re: Target Corporation Customer Data Security Breach
Litigation, 14-md-2522, U.S. District Court, District of Minnesota (St.
Paul).

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!