Target Requests Bank Lawsuit Dismissal

Retailer Argues Breach-Related Case Has No Merit
Target Requests Bank Lawsuit Dismissal

Target Corp. is asking a court to dismiss a consolidated class action lawsuit filed by financial institutions following the retailer's December 2013 data breach.

See Also: IoT is Happening Now: Are You Prepared?

The suit, among other things, seeks compensation from the retailer for certain breach-related expenses, such as reissuing affected payment cards and covering the cost of fraud. The breach exposed 40 million credit and debit card details and the personal information of 70 million customers.

In a request submitted Sept. 2 to the Minnesota District Court, Target asserts that the case should be thrown out because the retailer has no direct contractual business relationship with the financial institutions.

"The banks' ... claims hinge, among other things, on there being a never-before recognized 'special relationship' between merchants, like Target, and payment card issuers ...," the retailer says in its request to the court. "The banks, however ... do not even have a direct relationship with Target. ..."

Assessing Target's Latest Move

Other breached companies have used similar arguments to fight breach-related lawsuits filed by banks, stating "there was never a contractual obligation to make financial institutions whole," says Neal O'Farrell, executive director at the Identity Theft Council.

Nevertheless, O'Farrell argues, "I'm not sure this is a good route to go for a company trying to rebuild its reputation. This is not a breach that was beyond Target's reasonable control. Target was exposed for having incredibly lax security at almost every level in the organization. I don't think it wants this scab picked all over again."

Although O'Farrell believes that banks and credit unions should be compensated by the retailer for their costs tied to Target's breach, he says: "My worry is that Target might actually win its arguments because it has weak laws on its side."

Charles Zimmerman, lead counsel for the financial institution plaintiffs, tells Information Security Media Group: "I am sure Target's customers - who they refer to as guests - would be shocked to know that Target is of the belief that it owes them (and their chosen banks) no duty to protect their private credit and debit card information."


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network