Still recovering from its 2013 data breach, Target Corp. agreed to a $39 million settlement with a class of banks suing the well-known retailer, marking the settlement as the first class-wide data breach pact ever reached on behalf of financial institutions.

Target’s data breach exposed 40 million credit and debit cards to fraud during the 2013 holiday season. The Minneapolis-based company’s breach still ranks among the most high-profile data incidents to hit retailers in recent years.

The class-wide pact stems from a consolidated class action complaint filed in August 2014 to recover an estimated $200 million in losses stemming from the breach, including costs to reimburse fraudulent charges and issue new payment cards. The complaint alleges that Target failed to take precautions to protect consumer data and violated the Minnesota Plastic Card Security Act.
Continue Reading Target Agrees to $39 Million Settlement with Credit Card Issuers’ Data Breach Claims

Before September 15, 2015, no federal court had certified a class action to litigate security breach claims. But now U.S. District Court Judge Paul A. Magnuson, overseeing the In re: Target Corporation Customer MDL, has certified as a class:

All entities in the United States and its Territories that issued payment cards compromised in the payment card data breach that was publicly disclosed by Target on December 19, 2013.

This certified class representatives will litigate three claims on behalf of all such issuers: that Target was negligent in failing to provide sufficiently secure customer data; that Target violated Minnesota’s Plastic Security Card Act (“PCSA”); and that this violation of Minnesota law constituted negligence per se.

In opposing class certification, Target had maintained that no classwide proof of injury existed, especially given variations in state laws. Target also contended that damages would have to be calculated on a bank-by-bank basis, making class adjudication untenable. The court considered and rejected both of these arguments in turn.
Continue Reading FINANCIAL INSTITUTIONS MAKE HISTORY IN TARGET MDL, FIRST CLASS ACTION CERTIFIED IN FEDERAL COURT TO LITIGATE SECURITY BREACH ISSUES

More than a year-and-a-half after Target’s December 2013 announcement of a massive data breach, the retailer has reached an agreement with Visa, whereby it will reimburse Visa and certain affected card issuers up to $67 million for expenses incurred in connection with the breach.  This will include costs associated with reissuing cards. The agreement comes three months after the company’s proposed $19 million settlement with MasterCard fell through as not enough banks accepted the deal.  The MasterCard deal required the approval of 90 percent of banks representing cardholder accounts that were affected by the breach. The Visa deal is less likely to fall apart because it was conditioned on a majority of issuers entering into direct settlements with Visa and Target, which Visa has since certified.  According to sources within the company and at MasterCard, the retailer is also renewing efforts to settle with MasterCard on a similar basis.

Meanwhile, a class certification motion hearing on behalf of the financial institution plaintiffs is scheduled to be held September 10, 2015.  According to lead counsel for the plaintiffs, Charles Zimmerman of Zimmerman Reed PLLP, plaintiffs seek to hold Target accountable for damages “far greater than what has been offered under this settlement.”  Zimmerman further contends that “[j]ust as with the proposed MasterCard settlement… [the Visa deal] was negotiated under a veil of secrecy without the involvement of the court or the court-appointment legal representatives of financial institutions.”
Continue Reading Target Reaches $67 Million Settlement with Visa over Data Breach Claims

A proposed settlement has been reached in the multi-district consumer litigation Target faces following a data breach that compromised at least 40 million credit cards during the 2013 holiday shopping season. The settlement, which requires Target to pay $10 million into a settlement fund and adopt specific data security measures, still needs court approval.

If

On the one-year anniversary of Target’s announcement that it had suffered a massive data breach, Judge Magnuson in the District of Minnesota cleared the way for a consumer class action against the retailer to move forward into discovery. Earlier this month, the court ruled that the financial institution class actions can also proceed.

In the

This post was also written by David Z. Smith and Carolyn H. Rosenberg.

In the wake of its massive data breach, Target now faces a shareholder derivative lawsuit, filed January 29, 2014. The suit alleges that Target’s board members and directors breached their fiduciary duties to the company by ignoring warning signs that such