MINNEAPOLIS (9/5/14)--In another development in the class action suit against Target Corp., the retail giant Tuesday asked for a dismissal of claims brought by financial institutions.
The class action suit is related to the December data security breach that compromised 40 million debit and credit card numbers and the personal information of as many as 70 million customers.
CSE FCU, Lake Charles, La., with $286 million in assets, is one of the plaintiffs listed in Target's dismissal request.
Target is arguing against the negligence claims because there is no direct relationship between the retailer and each financial institution.
The Minneapolis-based company also cites the Minnesota Plastic Card Security Act, saying the act only applies to business conducted within the state of Minnesota. The act prohibits from retaining sensitive card stripe data after authorization of the transaction, and it requires a retailer to reimburse the costs incurred by any financial institution which issued payment cards affected by the breach of the retailer's system.
"I am sure Target's customers--who they refer to as guests--would be shocked to know that Target is of the belief that it owes them (and their chosen banks) no duty to protect their private credit and debit card information," the financial institutions' lead counsel Charles Zimmerman told BankInfoSecurity.com (Sept. 4).
A survey by the Credit Union National Association found that credit unions incurred $30.6 million in costs directly related to the breach--not including fraud costs. CUNA is pressing federal lawmakers to address data security relative to merchants, who are not held to the same standards of security as credit unions and other financial institutions. (See related story: CUs, members need data security protection, CUNA urges.)
In April, the U.S. Judicial Panel on Multidistrict Litigation determined that the class action lawsuits would be consolidated in the District of Minnesota. The cases have been divided into three categories: consumer lawsuits by those whose information was compromised; financial institutions that had to cover the cost of reissuing cards and reimbursing consumers; and shareholders.