A U.S. District Court Judge allowed a consumer class action lawsuit to go forward in the massive Target Corp. credit and debit card breach that affected more than 110 million customers.
In a Dec. 18 ruling, Judge Paul A. Magnuson in St. Paul, Minn., denied in part and granted in part to dismiss legal arguments made in the class action lawsuit against the nation's second largest retailer.
Magnuson rejected Target's attempt to dismiss claims filed in a separate lawsuit by a group of financial institutions seeking damages for the retailer's data breach in late 2013. The judge ruled Dec. 2 that the plaintiffs, which included the $282 million CSE Federal Credit Union in Lake Charles, La., had a plausible case for negligence because Target played a key role in allowing cyberthieves to hack into computer systems and obtain card data and possibly personal information of card holders, the documents said.
In the consumer class action suit, Target's primary argument was that the 114 individual plaintiffs do not have standing to raise any of their claims because they cannot establish injury.
But in his ruling, Magnuson noted the plaintiffs have alleged injury such as unlawful charges, restricted or blocked access to bank accounts, inability to pay other bills and last payment charges or new card fees.
“Plaintiffs' allegations plausibly allege that they suffered injuries that are fairly traceable to Target's conduct,” Magnuson wrote. “This is sufficient at this stage to plead standing.”
The judge also allowed the class action suit to seek injunctive relief, a court order that would require Target to encrypt all customer data from the point of sale and throughout the retailer's payment system. The court order also would require the retailer to comply with federal and Minnesota law regarding data security and the retention of data, adopt EMV chip technology for Target-issued credit and debit cards and require the retailer to pay extended credit monitoring services for all of plaintiffs in the class action suit.
Target's argument that the plaintiffs lacked standing to seek injunctive relief was premature, Magnuson wrote.
However, Magnuson dismissed the plaintiffs' claim of Target's alleged breach of contract. In addition, the judge dismissed the plaintiff's negligence claims under Alaska, California, Iowa and Massachusetts law.
He also ordered that the plaintiffs may not maintain a class action suit in Alabama, Georgia, Kentucky, Louisiana, Mississippi, Montana, South Carolina, Tennessee and Utah.
According to court documents, the plaintiffs withdrew their data-breach notice statutory claims under Florida, Oklahoma and Utah. In addition, their data breach statutory claims under Arkansas, Connecticut, Idaho, Massachusetts, Minnesota, Nebraska, Nevada, Rhode Island and Texas law were dismissed.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
