Target to face banks’ lawsuit over breach

Target will face a lawsuit from major banks over its data breach that compromised at least 40 million customers’ credit card information.

A judge in St. Paul, Minn., refused Target’s request to dismiss the banks’ claim that they had suffered tens of millions of dollars in damages resulting from having to reimburse fraudulent charges and reissue credit and debit cards.

ADVERTISEMENT

The case could help answer the murky question of who is liable following a major data breach.

"This ruling is one of the first decisions that clarifies the legal muddle between merchants and banks," said Craig Newman, a lawyer with Richards Kibbe & Orbe who advises on data security issues.

Banks are upset they have to foot the bill to reissue cards and reimburse consumers. Companies argue it's the hackers, not the company that has caused the harm.

“Although third-party hackers' activity caused harm, Target played a key role in allowing the harm to occur,” said U.S. District Court Judge Paul Magnuson in his ruling.

To this point, Magnuson said, the banks have “plausibly pled a general negligence case.”

"What this ruling means is that the banks won’t necessary be left holding the bag," Newman said.

A hearing is scheduled for Dec. 11.

Target is also facing a companion class action lawsuit from the customers whose information was exposed.

— Updated 3:04 p.m.