According to various sources, well over 100 million Target customers are believed to have had their personal and/or financial information compromised when Target was hacked last year. Data breach lawsuits are flowing in from disgruntled consumers not impressed that sensitive information may have fallen into the hands and control of unsavory individuals, not to mention the breach of a perceived trust that a merchant would ensure such information was kept safe and secure.
However, consumers aren’t the only litigants in this data breach case. Various banks and credit unions are also joining the fray, in an attempt to hold Target legally responsible for losses incurred in the wake of the massive hack, by way of an amended class-action data breach lawsuit against Target filed in August.
Target moved swiftly to counter the lawsuit, filing a motion to dismiss in September based on the banks’ claim that there is a relationship within the card transaction process between the banks and Target that allow for the underpinnings of a claim. However, Target countered that “issuing banks and merchants have no direct dealings with one another in the payment card transaction process,” Target said in its motion.
Then, on October 22, Target turned up the rhetoric, maintaining that merchants are not liable to issuers following data breaches. Under data protection laws observed by the state of Minnesota, plaintiffs are required to establish what is described as a “special relationship” in order to pursue allegations that one party failed to protect another from a third party. Target maintains that “courts have already established that type of relationship doesn’t exist between merchants and issuers.”
Target is based in Minneapolis, Minnesota.
Target also disputes any claims of negligence by the banks, noting that banks and credit unions had already noted in their complaint(s) that Target had been duly conforming to the recognized Payment Card Industry Data Security Standard (PCI DSS) protocol.
READ MORE DATA BREACH LEGAL NEWS
One is left to wonder if Target will play the PCI DSS card as a defense against consumer litigation and other data breach lawsuits currently residing in multidistrict litigation (MDL). The case is In re: Target Corp. Customer Data Security Breach Litigation, case number 0:14-md-02522, in the US District Court for the District of Minnesota.