Lawyers at Beasley Allen, along with lawyers from several very good law firms from around the country, are diligently prosecuting a class action lawsuit against Target on behalf of the financial institutions which bore the brunt of the credit card thefts that resulted from Target’s negligent failure to safeguard customer financial information. Despite Target’s attempt to keep the filing under wraps, the motion for class certification filed by financial institutions against Target for its role in the 2013 data breach, was unsealed last month by the United States District Court in Minneapolis, Minn. Judge Paul Magnuson is presiding over this case.
The banks have contended that the Target breach was a “foreseeable consequence of Target’s longstanding lackadaisical practices” and “substandard cybersecurity practices.” As a result, as many as 110 million customers had their personal or financial information compromised, including more than 40 million credit and debit cards.
Target hired ill-equipped employees to oversee its data security systems, maintained woefully deficient security programs, repeatedly ignored pre-breach warnings about malware intrusions and took steps to limit employees’ ability to secure data in busy periods to avoid disrupting profits.
Among other significant failures, Target disabled and removed key security features of Symantec, its anti-virus provider, and kept them disabled until after Black Friday. Target installed FireEye, a cybersecurity application, but failed to implement its malware prevention features and failed to integrate FireEye into its alert generating system. Further, the banks say that Target implemented a “system freeze” from October 2013 to January 2014 making it more difficult to make any changes to Target’s computer systems “during seasons where Target generated the most revenue.”
The banks explained that once the breach began, Target ignored warnings about the intrusion as early as Nov. 25, 2013, when Target received an alert for unauthorized activity on its point-of-sale (POS) terminals. The alert led a Target Security Operations Center employee to note in an email, “Funny thing was that this one looked kinda suspicious to me. Looks like someone’s using a service account to access all the registers in one store.” Target received alerts the next day, November 26, and several days afterward; however, it failed to act until it was contacted by the U.S. Secret Service on December 12, 2013.
Even prior to the breach, the banks say that Target failed to secure its customers’ financial information. A former Target group manager “testified that in April of 2012, Target discovered unencrypted payment card information dating back ‘at least six or seven years’ on servers” in nearly 300 Target stores. It was stated that, “Despite finding this unencrypted data, Target failed to take any action…for nearly six months until the end of September 2012.” Even worse, Target continued to retain unencrypted payment card data on its system. Specifically, unencrypted card data dating back almost 10 years was found in plain text on Target’s servers during the investigation of the breach.
Dee Miles, from our firm, who was appointed by Judge Paul Magnuson to the Plaintiff’s Leadership Committee representing the banks, say that “within days of the Court publishing the true facts of the case against Target revealing what appears to be “gross negligence” on the part of Target, the company announced publicly that it has been privately negotiating with a third party, VISA, to use something called the “GCAR” Resolution Program to settle losses the banks may have incurred. However, Target’s offer is literally pennies on the dollar and is grossly inadequate to compensate banks for their actual losses, especially under the facts that have now been revealed. Dee and the Plaintiffs’ Leadership Committee have notified the banks of these issues and are urging the banks to not sign any documents whatsoever in relation to any funds VISA sends to them in relation to the Target breach.
Dee believes that Target’s secret negotiations with VISA are a real attempt to undermine the class action and the Court system. He is hopeful that the banks will see Target’s attempt for what it actually is and that’s an effort to cheat them out of their true losses. Target announced that its deadline for banks to participate in their GCAR Program is September 4. The hearing on the class certification will take place in the federal district court in Minnesota on September 13, before Judge Paul Magnuson. If you need more information about this litigation, contact Dee Miles at 800-898-2034 or by email at Dee.Miles@beasleyallen.com.
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.