A U.S. District Court Judge allowed a consumer class actionlawsuit to go forward in the massive Target Corp. credit and debit card breach that affected morethan 110 million customers.
|In a Dec. 18 ruling, Judge Paul A. Magnuson in St. Paul, Minn.,denied in part and granted in part to dismiss legal arguments madein the class action lawsuit against the nation's second largestretailer.
|Magnuson rejected Target's attempt to dismiss claims filed in aseparate lawsuitby a group of financial institutions seeking damages for theretailer's databreach in late 2013. The judge ruled Dec. 2 that theplaintiffs, which included the $282 million CSE Federal CreditUnion in Lake Charles, La., had a plausible case for negligencebecause Target played a key role in allowing cyberthieves to hackinto computer systems and obtain card data and possibly personalinformation of card holders, the documents said.
|In the consumer class action suit, Target's primary argument wasthat the 114 individual plaintiffs do not have standing to raiseany of their claims because they cannot establish injury.
|But in his ruling, Magnuson noted the plaintiffs have allegedinjury such as unlawful charges, restricted or blocked access tobank accounts, inability to pay other bills and last paymentcharges or new card fees.
|“Plaintiffs' allegations plausibly allege that they sufferedinjuries that are fairly traceable to Target's conduct,” Magnusonwrote. “This is sufficient at this stage to plead standing.”
|The judge also allowed the class action suit to seek injunctiverelief, a court order that would require Target to encrypt allcustomer data from the point of sale and throughout the retailer'spayment system. The court order also would require the retailer tocomply with federal and Minnesota law regarding data security andthe retention of data, adopt EMV chip technology for Target-issued credit and debit cards and require the retailerto pay extended credit monitoring services for all of plaintiffs inthe class action suit.
|Target's argument that the plaintiffs lacked standing to seekinjunctive relief was premature, Magnuson wrote.
|However, Magnuson dismissed the plaintiffs' claim of Target'salleged breach of contract. In addition, the judge dismissed theplaintiff's negligence claims under Alaska, California, Iowa andMassachusetts law.
|He also ordered that the plaintiffs may not maintain a classaction suit in Alabama, Georgia, Kentucky, Louisiana, Mississippi,Montana, South Carolina, Tennessee and Utah.
|According to court documents, the plaintiffs withdrew theirdata-breach notice statutory claims under Florida, Oklahoma andUtah. In addition, their data breach statutory claims underArkansas, Connecticut, Idaho, Massachusetts, Minnesota, Nebraska,Nevada, Rhode Island and Texas law were dismissed.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
