A federal judge in Minnesota rejected Target Corp’s motion to dismiss a lawsuit by banks seeking to recoup money they spent reimbursing fraudulent charges and issuing new credit and debit cards because of the retailer’s late 2013 data breach.
U.S. District Judge Paul Magnuson in St. Paul, Minnesota said Target played a “key role” in allowing hackers to infiltrate its computer systems. He said this justified letting the five bank plaintiffs, which seek class-action status on behalf of lenders nationwide, pursue much of their lawsuit accusing the second-largest U.S. discount retailer of negligence and violating Minnesota consumer protection laws. The banks are seeking millions of dollars in damages.
Target acknowledged that at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have had personal information, such as email addresses and phone numbers, stolen. Target has also said the bank plaintiffs were “sophisticated parties” that lacked the close ties to the retailer necessary to support their legal claims.
The plaintiffs include Umpqua Bank in Roseburg, Oregon; Mutual Bank in Whitman, Massachusetts; Village Bank in St. Francis, Minnesota; CSE Federal Credit Union in Lake Charles, Louisiana; and First Federal Savings of Lorain in Lorain, Ohio.
They are seeking class-action status on behalf of banks and credit unions with customers who used credit and debit cards at Target between Nov. 1 and Dec. 19, 2013.
Consumers are also pursuing related class-action litigation over the breach, and Target has asked Judge Magnuson to throw out that case.
The case is In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.