Banks, credit unions and other financial institutions suing retail giant Target for financial losses stemming from a 2013 data breach are eligible for certification for class action status, a Minnesota federal judge determined Tuesday.
The bank plaintiffs allege they were hit hard by the massive holiday data breach, which affected more than 40 million credit and debit card holders and cost credit unions more than $30 million. U.S. District Judge Paul A. Magnuson’s decision allows the banks to move ahead in multidistrict litigation (MDL) aimed at recovering losses incurred because of the Target data breach.
Target attempted to thwart the formation of a class action, arguing that the banks’ cases were too complex and subject to diverse laws and other variables to be decided in a class action.
Target also argued that the banks’ losses were not concrete but speculative, much like the losses sought by cardholders who argued that the breach and resulting theft of their sensitive card information exposed them to potential future losses. The judge also rejected that argument, finding the banks’ claims were validated by their claim that they needed to reissue “nearly every card” exposed in the data breach – a real cost they incurred because of the breach.
Judge Magnuson called Target’s claim that the banks weren’t entitled to compensation because they weren’t legally bound to take preventative action by reissuing cards “absurd”, especially considering the retailer issued new RedCard credit and debit cards to its own customers following the breach.
“The decision by the Minnesota Federal Court to certify this class of financial institutions is monumental in the developing law in data breach litigation,” said Beasley Allen principal W. Daniel “Dee” Miles, III, head of the firm’s Consumer Fraud section. Miles was appointed by Judge Magnuson to the Plaintiff’s Leadership Committee representing the banks. “We are thrilled with not only the certification of the class, but also with the court’s attention to the details surrounding the facts of this litigation, and the rigorous legal analysis it has conducted in certifying the class. The precedential value of this opinion will be revered by other trial courts dealing with data breach cases.”
Approximately 9,000 banks and credit unions are represented in the class action. They allege that Target was negligent in securing its data and that it violated Minnesota’s Plastic Security Card Act, which prohibits vendors from retaining certain payment card data for more than 48 hours, among other safety measures.
Source: Law 360