The 28,000-member, $211 million Alabama State Employees Credit Union alleges retailer Target was not compliant with card industry data security standards during a major incursion in November and December that led to the theft of data from millions of credit and debit cards. ASECU made the claim in court as the first financial institution to file suit to recoup its losses from the card data breach.
“Among other things, merchants are prohibited from storing unprotected cardholder information,” the credit union observed in its class-action complaint. “The stolen data includes among other things, customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards. There is no legitimate reason for Target to keep all of this information stored electronically.”
Target acknowledged on Dec, 19 all of its stores had been hit in the breach and that data from roughly 40 million credit and debit card accounts had been compromised.
There have been no estimates yet of industry-wide losses from the breach yet and the credit union also refrained from using many hard numbers.
“Plaintiff has lost significantly in refunding the unauthorized use and access of its customers and members accounts due to Target’s data breach,” the credit union said. “The cost in refunding loss deposits, time, and resources spent to remedy the situation of Plaintiff’s customers and members are untold.”
Calls to the credit union's law firm have not yet been returned. Target said it does not comment on pending litigation and the retailer has not yet filed a response to the credit union's complaint.