September 21, 2020

Ruling near on dismissal motion in Target data breach


Pin It

Target-BreachBy Amanda Bronstad, From The National Law Journal

A federal judge in Minnesota is set to decide whether to dismiss lawsuits filed by .’s customers over its massive data breach last year.

U.S. District Judge Paul Magnuson is overseeing about 140 lawsuits filed over the breach, which compromised personal information and credit card numbers of 110 million customers during last year’s Christmas shopping season. Most of those lawsuits have been coordinated into a single class action on behalf of consumers nationwide.

That consolidated complaint, brought by 112 named plaintiffs, alleges that consumers were injured by Target’s failure to detect and promptly respond to the breach.

On Oct. 1, Target moved to dismiss the case on standing ground, alleging that none of named plaintiffs in the consolidated class complaint lives in the states of Delaware, Maine, Rhode Island, South Carolina or Wyoming or Washington, D.C. Target also disputed that any of the plaintiffs had suffered economic damages and that many of the data breach statutes cited in the complaint provide no private right of action.

Magnuson heard oral arguments on Thursday.

, a spokeswoman for Target, represented by , a partner in the Minneapolis office of Faegre Baker Daniels, declined to comment. Lead plaintiffs attorney , equity member at Heins Mills & Olson in Minneapolis, declined to comment.

Class actions over data breaches have been so far unsuccessful in convincing judges that consumers suffered monetary damages. In an Oct. 31 opposition brief, Esades sought to distinguish the Target breach from others that fared poorly.

“Rarely does a case in an evolving area of law create the opportunity to apply well-reasoned precedent, established principles and common sense to compelling facts showing widespread consumer harm and on issues of significant public importance,” he wrote. “This is that case.”

The plaintiffs have asserted damages in the form of unreimbursed unauthorized charges and the imminent harm of identity theft. Consumers also missed payments and incurred fees after their bank accounts were frozen following the breach.

On Dec. 2, Magnuson refused to dismiss a separate consolidated class complaint filed against Target on behalf of financial institutions that alleged losses of as much as $18 billion when they were forced to reissue cards and reimburse customers affected by the breach.

He found that Target owed a duty to the banks and credit unions to protect them against hackers. “Although the third-party hackers’ activities caused them, Target played a key role in allowing the harm to occur,” he wrote. “Plaintiffs have plausibly alleged that Target’s actions and inactions—disabling certain security features and failing to heed the warning signs as the hackers’ attack began—caused foreseeable harm to plaintiffs.”

He also upheld claims under a Minnesota statute that prohibits businesses from retaining “the card security code data, the PIN verification code, or the full contents of any track of magnetic stripe data” of its customers past a certain period.

Photo: ivanastar/

For more on this story go to:


Print Friendly, PDF & Email
About ieyenews

Speak Your Mind