A massive data breach occurred when credit and debit card information from about 40 million Target shoppers was stolen. The Target Corporation announced that the track data was stolen as payment cards were swiped in its stores between November 27 and December 15, 2013. The Target breach resulted in millions of stolen credit and debit card account data allegedly being sold on the black market. Target has said hackers stole the personal information, including names, email addresses, phone numbers and home addresses of as many as 70 million customers.
A number of banks, credit unions and other entities that issued debit and credit cards, several of which are represented by Carlson Lynch, are now suing Target for the cost of canceling and reissuing cards, closing transactions or accounts, refunding or crediting cardholders for unauthorized transactions, and notifying customers of the data breach. The Target data breach has forced these institutions to pay millions of dollars to reissue compromised cards and repay customers whose accounts were struck with fraud. The banks and credit unions who have brought suit also seek damages for business lost as wary customers avoided making card purchases.
The class action suits brought by Carlson Lynch allege that Target knew or should have known that its payment processes were vulnerable to this sort of attack, yet the company failed to take adequate measures to protect sensitive data and did not inform customers or financial institutions about the ongoing attack for several weeks after it was discovered.
The cases assert that Target should be responsible because the company stored and maintained data from the magnetic stripe on customers’ cards for longer than 48 hours before the data was stolen. The 48-hour limit is imposed by Minnesota law. The lawsuits also claim that Target failed to adequately protect its’ customers’ data, and its misconduct regarding the confidential debit and credit cardholders’ information constitute deceptive acts and unfair trade practices.
The recently filed lawsuits seek monetary damages, attorney’s fees, and a finding that Target violated Minnesota law by maintaining customer account information longer than 48 hours, among other damages and remedies.