US retail giant Target fails to get banks' MEGABREACH lawsuit slung out of court

Judge cites its actions and inactions when hackers hit

Target has failed in is attempt to persuade a judge to reject lawsuit by banks harmed by losses following the US retail giant's megabreach.

US District Judge Paul Magnuson ruled that Target played a "key role" in permitting cybercriminals to infiltrate its computer networks. Because of this, a lawsuit by banks seeking to recoup card fraud loss payouts from Target ought to be allowed to proceed towards trial, he maintained.

The lawsuit by five bank plaintiffs, which seek class-action status on behalf of financial institutions across the US, accuses the discount retailer of negligence and violating Minnesota consumer protection laws.

"Plaintiffs have plausibly alleged that Target's actions and inactions - disabling certain security features and failing to heed the warning signs as the hackers' attack began - caused foreseeable harm to plaintiffs," Magnuson said in his ruling, Reuters reports. "Plaintiffs have also plausibly alleged that Target's conduct both caused and exacerbated the harm they suffered."

Lawyers for Target unsuccessfully argued that bank plaintiffs were "sophisticated parties" that lacked a "close enough business relationship" with the retailer to justify their legal claims.

An estimated 40 million credit cards were compromised in the breach at Target in late 2013. Personal information - including email addresses and phone numbers - of as many as 110 million consumers was also exposed in the breach.

Credit card information was stolen following a successful malware-based attack on Target's point-of-sale (PoS) machines over the pre-Christmas holiday shopping season.

Consumers are also pursuing a related class-action lawsuit against Target over the breach. Judge Magnuson, who is also overseeing the consumer lawsuit, has yet to rule on Target's application to get that class action suit spiked. ®


Biting the hand that feeds IT © 1998–2017