http://arstechnica.com/tech-policy/2014/12/judge-rules-that-banks-can-sue-target-for-2013-credit-card-hack/
By Megan Geuss
Ars Technica
Dec 4, 2014
On Tuesday, a District Court judge in Minnesota ruled [PDF] that a group
of banks can proceed to sue Target for negligence in the December 2013
breach that resulted in the theft of 40 million consumer credit card
numbers as well as personal information on 70 million customers. The banks
alleged that Target had “failed to heed warning signs” that would have
stymied the banks' losses.
The breach occurred between mid-November and mid-December in 2013, after
hackers placed malware on Target POS systems which made it possible for
them to steal credit card numbers as consumers swiped. The vast number of
people affected by the breach made Target's hack the most notorious, but
subsequent reports revealed that Target was only one of many big-name
retail stores that had credit card data stolen—Neiman Marcus, Michaels,
and later Home Depot customers were also revealed to be targets.
After the breach, multiple banks and consumers sued Target in Minnesota,
where the company is headquartered. The lawsuits from both banks and
consumers were grouped together into two consolidated class action
complaints. Target filed a motion to dismiss the claims made by the
financial institutions, but District Court judge Paul A. Magnuson ruled
that the plaintiffs' claims were valid.
The decision could lead to significant changes in the way the cost of
fraud is distributed among parties in the credit card ecosystem. Where
once banks and merchant acquirers would have to shoulder the burden of
fraud (which is how they have long justified increasing Interchange Fees),
now, potentially, the order from Magnuson could pave the way for more
card-issuing banks to sue merchants for not protecting their POS systems
properly.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
