MINNEAPOLIS (10/27/14)--Target Corp. again last week tried to argue against financial institutions' claims that it should be held liable for data compromised during its December 2013 breach.
The retail giant continues to fight a class-action lawsuit filed by financial institutions--including $286 million-asset CSE FCU, Lake Charles, La.--that charges "the breach, which compromised the records of 110 million customers and caused plaintiffs enormous losses, would not have happened in Target's defective data-security practices had not let it happen" (News Now Oct. 7).
On Oct. 22, the retail giant claimed that there were no direct contractual business relationships between it and the financial institutions (Lawyers and Settlements Oct. 24). Under Minnesota data protection laws, plaintiffs are required to establish what is described as a "special relationship" in order to pursue allegations that one party failed to protect another from a third party.
The financial institutions argue that such a relationship exists between card issuers and merchants, like Target.
One observer said that Target may be gaining confidence in light of "breach fatigue" caused by more recent breaches at Home Depot and JPMorgan Chase, said Neal O'Farrell, executive director at the Identity Theft Council (BankInfoSecurity.com Oct. 23).
"I suspect they're emboldened by what we all now seem to recognize as breach fatigue among consumers, a type of creeping normality where consumers just accept what they see as inevitable and don't get mad anymore," he told BankInfoSecurity.com.
A dismissal of the Target case would set a dangerous precedent, O'Farrell said. "It would give a cushion, a safety net, if they could push significant breach costs to the banks," he added. "That gives retailers like Target less incentive to get security right to the best of their ability."
A survey by the Credit Union National Association found that credit unions had 4.6 million cards compromised as a result of the Target breach, leading to about $30.6 million in related costs.