A credit union in Pennsylvania filed a class action against Target Corp. in federal court over the retailer’s now well known December data breach.
The complaint alleges that the data breach forced the bank to reissue its debit cards. First Choice Federal Credit Union said it incurred considerable expenses in reissuing approximately 75 credit and debit cards, adding that many other banks and credit unions across the U.S. were also likely hurt by the need to provide new cards.
“The injuries to plaintiff and the class were caused by defendant’s failure to maintain adequate computer data security of customer information, including credit and debit card data, as well as personally identifying information,” the complaint said.
Target has been hit with a blast of litigation since its Dec. 19 disclosure that hackers had stolen so-called track data from as many as 40 million credit and debit cards that consumers used in its stores from Nov. 27 to Dec. 15. On Jan. 10, the retailer increased that estimate to 70 million and said that additional customer data — including names, mailing addresses, phone numbers and email addresses — were also stolen.
First Choice accused Target of negligence and violations of a number of state laws in its handling of consumer data.
The complaint accused the company of careless oversight of information it obtained from the magnetic stripe of credit cards, saying Target ran afoul of two Minnesota statutes governing the collection and protection of this information.
The credit union said that in addition to incurring the costs of issuing the new cards, Target’s failure to safeguard the data led to added administrative expenses, lost interest and transaction fees, lost customers and forced it to make reimbursements for fraud losses.
The credit union did not attempt to estimate the total cost of all these factors.
It did say that a massive group of banks, other credit unions and other financial organizations across the U.S. was likely also affected by the data breach, arguing that the suit should be treated as a class action.
Target has said customers will not be liable for the cost of any fraudulent charges arising from the breach, and has offered one year of free credit monitoring and identity theft protection to all customers who shopped at the company’s U.S. stores.