Target Breach Suit Won't Be Dismissed

Judge Rules Banks Can Move Forward With Case
Target Breach Suit Won't Be Dismissed

A federal judge has denied Target's motion to dismiss the class action lawsuit brought against it by several banking institutions following the retailer's December 2013 data breach that exposed 40 million payment cards and personal details for 70 million customers.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

"Target played a key role in allowing the [breach] to occur," Paul Magnuson, the U.S. district court judge overseeing the Target case, said in a Dec. 2 memo announcing his decision.

"Plaintiffs have plausibly pled a claim for negligence, a violation of [Minnesota's Plastic Card Security Act], and negligence per se," he said. But the judge dismissed a fourth claim - that Target's failure to inform the plaintiffs of its insufficient security constituted a negligent misrepresentation by omission.

In the lawsuit, the banks are seeking compensation from the retailer for certain breach-related expenses, such as reissuing affected payment cards and covering the cost of fraud.

The retailer on Sept. 2 had requested that the court dismiss the class action lawsuit because the retailer has no direct contractual business relationship with the financial institutions (see: Target Requests Bank Lawsuit Dismissal).

"The banks' ... claims hinge, among other things, on there being a never-before recognized 'special relationship' between merchants, like Target, and payment card issuers ...," the retailer said in its request to the court. "The banks, however ... do not even have a direct relationship with Target. ..."

Charles Zimmerman, lead counsel for the financial institution plaintiffs, tells Information Security Media Group: "We are very pleased with the court's decision. We have always felt the claims of the financial institutions were valid and that the discovery will demonstrate how and why Target allowed their systems to be breached."

A spokesperson for Target denied to comment on the case, saying the company doesn't typically remark on pending litigation.

Analyzing the Ruling

Because the financial institution plaintiffs constructed a strong legal argument based on the alleged facts of the case, the judge was able to rule in their favor and keep the case alive, says Francoise Gilbert, founder of the IT Law Group.

"The judge ... determined that the legal argument was based on sufficient factual allegations that it would have a reasonable chance to proceed if the banks were able to show that their allegations were correct," she says.

The Target case could lead other banks to take legal action in the wake of retailer breaches, says Ted Schaer of Philadelphia-based law firm Zarwin Baum DeVito Kaplan Schaer Toddy, P.C. "The banks are absorbing these financial losses," he says. "What you're seeing here is they're not going to stand for it and they're going to require accountability from the C-suite [at breached merchants] to assure that proper security in network and point-of-sale terminals is established - and if not, they're going to seek redress."

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.