Will bank suits against Target in $1B-plus customer data breach help spur security enhancements?

  • Print.

It isn’t just individuals who are taking legal action over a massive data breach in November and December that reportedly involved at least 40 million and perhaps as many as 110 million Target Corp. customer accounts.

Contending that banks may have lost hundreds of millions of dollars because of Target’s failure to use industry-standard security methods to protect customer information, financial institutions have filed suit against the company in multiple jurisdictions and are seeking class action status. Although this isn’t the first time such a major data corporate breach has occurred, experts say a number of factors could eventually lead to a big payout in the current litigation and encourage corporations to increase protection for credit and debit cards.

With consumer anger about privacy issues at an all-time high, “I think we are hitting some kind of tipping point,” analyst Paula Rosenblum of RSR Research told the Risk & Compliance blog of the Wall Street Journal (sub. req.) earlier this month. “The consumers are more unforgiving and the lawyers are more hungry.”

The Alabama State Employees Credit Union—apparently the first financial institution to file suit against Target, according to the Credit Union Journalwas at the forefront of such litigation. Since then, more small banks have jumped on the bandwagon.

Provost Umphrey will represent Community Bank of Texas, First National Bank of Texas and other similarly situated institutions in one suit, which was filed Wednesday in federal court in Minnesota, where Target is based, according to the Beaumont Enterprise and CBS Dallas/Fort Worth. A law firm press release provides further details.

Meanwhile, a credit union in western Pennsylvania filed suit against Target on Friday in federal court in Pittsburgh, the Associated Press reports.

Attorney Larry Golston of Beasley, Allen, Crow, Methvin, Portis & Miles represents the Alabama State Employees Credit Union.

“In cases where banks had to reimburse their customers because of fraudulent activity, these banks are entitled to have their money reimbursed from Target,” he told Risk & Compliance. “The retail establishment has to take a hard look and reassess how they do business. Maybe it’s time to reassess the kind of information that they gain access to.”

Wilson Daniel Miles III, another lawyer with the firm, told the Credit Union Journal that he expects damages to be in the hundreds of millions of dollars. However, an analyst with Jefferies told the Minneapolis/St. Paul Business Journal that the total cost to Target, including costs to make consumers whole, likely will be between $1 and $2 billion, or even more.

Dinged credit histories over to fraudulent activity on credit-card accounts could also affect real estate purchases and even slow down the entire real estate market, the Los Angeles Times (sub. req.) reports.

A Montgomery Advertiser article provides additional details about the initial credit union suit, which was filed Dec. 30 in federal court in Alabama.

Representatives of Target and other retailers that have also reportedly suffered significant data breaches are testifying before Senate and House panels in Washington, D.C., this week to explain how they occurred, according to KSTP and WPRO.

See also: “Proposed bill would limit consumer lawsuits against retailers who comply with data-security rules”

NBC News: “Breached Target trails in card security, reports says”

“Providence Journal: “Cybersecurity experts warn Target data breach only the beginning”

Star-Ledger: “As Congress calls Target breach hearings, stronger credit card security expected”

Give us feedback, share a story tip or update, or report an error.