A federal judge recently tossed the request by American retailer Target to dismiss a lawsuit by banks seeking to recover their money which was spent on reimbursements and issuance of new cards in the wake of last year’s data breach.
In December 2013, Target suffered a massive data breach, where it later admitted that at least 40 million credit cards were compromised and personal information including e-mail addresses and phone numbers of as many as 110 million people were stolen, who shopped in the period of November 1 to December 19.
Banks across the US were then forced to reimburse fraudulent charges and issue new credit and debit cards.
Five banks later came together to file a class-action lawsuit against Target on behalf of lenders nationwide, accusing the retailer of negligence and violating Minnesota consumer protection laws. The banks are seeking millions of dollars in damages.
As cited in Reuters, the plaintiffs include Umpqua Holdings Corp’s Umpqua Bank in Roseburg, Oregon; Mutual Bank in Whitman, Massachusetts; Village Bank in St. Francis, Minnesota; CSE Federal Credit Union in Lake Charles, Louisiana; and First Federal Savings of Lorain in Lorain, Ohio.
Target last month asked Magnuson in St. Paul, Minnesota, to reject those claims. It argued that the company had no obligation to the banks because a third-party firm handles all credit and debit card payments.
U.S. District Judge Paul Magnuson observed that "Although third-party hackers’ activity caused harm, Target played a key role in allowing the harm to occur by disabling some security features and failing to heed warning signs when the cyber-attack began," as reported in Bloomberg.
But in his written ruling Magnuson said: "Plaintiffs have plausibly alleged that Target’s actions and inactions – disabling certain security features and failing to heed the warning signs as the hackers’ attack began – caused foreseeable harm to plaintiffs.
"Plaintiffs have also plausibly alleged that Target’s conduct both caused and exacerbated the harm they suffered."
Target did not comment on the development. Meanwhile, consumers are also pursuing related class-action litigation over the breach separately.