One year after Target breach, consumer lawsuits can proceed

December 30, 2014

ST. PAUL, Minn. (12/31/14)--For the second time this month, Target has missed its mark.

U.S. District Judge Paul Magnuson recently rejected the big box store's argument to dismiss a class action lawsuit by consumers affected by the massive data breach that occurred at Target stores more than a year ago. 

The decision comes only weeks after a judge rejected an argument from Target to dismiss a separate lawsuit filed by financial institutions that were affected by the breach. Both suits will now move forward.

The judge ruling on the appeal from Target to dismiss the consumer class action suit said that Target failed to adequately address any of the issues raised by plaintiffs in their argument, such as blocked access to bank accounts, the inability to pay other bills and late payment charges.

"These arguments gloss over the actual allegations made and set a too-high standard for plaintiffs to meet at the motion-to-dismiss stage," Magnuson wrote (Star Tribune Dec. 19). "Plaintiffs' allegations plausibly allege that they suffered injuries that are 'fairly traceable' to Target's conduct."

Roughly 40 million consumers had payment card data compromised as a result of the Target breach, and more than 70 million people had personal information compromised.

Credit unions reissued roughly 4.6 million credit and debit cards in the aftermath of the Target breach, and were hit with more than $30 million in costs as a direct result of the incident, according to numbers from the Credit Union National Association.

The breach was caused by malware that hackers implanted in Target point-of-sale terminals. Once in place, the hackers were able to record and steal payment card data from consumer debit and credit cards as they were swiped (The National Law Review Dec. 29).

Since the Target breach, a number of high-profile data heists have taken place in the United States, including a breach at Home Depot stores that eclipsed the effects of the Target breach by almost two-fold for credit unions.

CUNA continues to press lawmakers into ramping up regulations on payment data security standards for merchants, which aren't required to meet the same stringent requirements imposed upon financial institutions.

New technology such as EMV-chip card technology and tokenization are welcome improvements to the overall payment network, CUNA leaders have said, but until merchants are held to the same very strict standards that financial institutions must uphold, gaps will always exist.

To help the effort to lobby members of congress, CUNA launched where consumers and members of credit unions can send messages to their government representatives to encourage them to pass stricter regulations on merchants.

CUNA also continues to act as a facilitator for credit unions interested in pursuing the Home Depot breach through legal channels.

Stop the Data Breaches

Identity Theft: Who’s Got Your Number? electronic member seminar kit

Anytime Adviser ID Theft coach

Lock Down Your Smartphone drive-up envelope

Stickley on Security

Awareness Technologies/CUNA Strategic Services

DH Compushare/CUNA Strategic Services

SilverSky/CUNA Strategic Services

TraceSecurity/CUNA Strategic Services