BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Target fails to end banks' lawsuit over data breach

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Dec 2014 19:35:45 -0700
http://www.reuters.com/article/2014/12/03/us-target-breach-lawsuit-idUSKCN0JH04120141203

A federal judge on Tuesday rejected Target Corp's bid to dismiss a lawsuit
by banks seeking to recoup money they spent reimbursing fraudulent charges
and issuing new credit and debit cards because of the retailer's late 2013
data breach.

U.S. District Judge Paul Magnuson in St. Paul, Minnesota said Target played
a "key role" in allowing hackers to infiltrate its computer systems.

He said this justified letting the five bank plaintiffs, which seek
class-action status on behalf of lenders nationwide, pursue much of their
lawsuit accusing the second-largest U.S. discount retailer of negligence
and violating Minnesota consumer protection laws. The banks are seeking
millions of dollars in damages.

"Plaintiffs have plausibly alleged that Target's actions and inactions -
disabling certain security features and failing to heed the warning signs
as the hackers' attack began - caused foreseeable harm to plaintiffs,"
Magnuson wrote. "Plaintiffs have also plausibly alleged that Target's
conduct both caused and exacerbated the harm they suffered."

Target did not immediately respond to a request for comment.

The company has said at least 40 million credit cards were compromised in
the breach, and that as many as 110 million people may have had personal
information, such as email addresses and phone numbers, stolen.

Target has also said the bank plaintiffs were "sophisticated parties" that
lacked the close ties to the retailer necessary to support their legal
claims.

The plaintiffs include Umpqua Holdings Corp's Umpqua Bank in Roseburg,
Oregon; Mutual Bank in Whitman, Massachusetts; Village Bank in St. Francis,
Minnesota; CSE Federal Credit Union in Lake Charles, Louisiana; and First
Federal Savings of Lorain in Lorain, Ohio.

They are seeking class-action status on behalf of banks and credit unions
with customers who used credit and debit cards at Target between Nov. 1 and
Dec. 19, 2013.

Consumers are also pursuing related class-action litigation over the
breach, and Target has asked Magnuson to throw out that case.

The case is In re: Target Corporation Customer Data Security Breach
Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: