ST. PAUL, Minn. (CN) – Banks that had to reimburse clients defrauded in the wake of the massive Target data breach can sue the retailer as a class, a federal judge ruled.
After unidentified hackers infiltrated Target’s computer system during the 2013 holiday season, consumers whose personal information had been compromised weren’t the only ones to file suit.
Financial institutions that had supplied the debit and credit cards used by Target shoppers say they had to replace cards for their customers, reimburse fraud losses and take other steps to remediate losses that Target’s cybersecurity failures created.
Target agreed this past March to settle the consumers’ claims for $10 million, but consolidated claims by the affected banks remain pending before U.S. District Judge Paul Magnuson.
On Tuesday, Magnuson agreed to certify the banks as a class and appoint the law firms Zimmerman Reed and Chestnut Cambronne as lead class counsel.
The judge scoffed at Target’s claim that the banks cannot hold it responsible because they reissued cards as a business decision, not because of an obligation.
“The absurdity of this suggestion is evident from the fact that Target itself reissued all of its RedCards, both debit and credit, in the weeks after the breach,” Magnuson wrote.
Whether the banks reacted to the breach reasonably is a question they can answer as a class, the court found.
Target’s argument that the companies have not each proven damages also fell flat.
Though Target argued that its defenses to the banks’ claims vary widely from institution to institution, Magnuson found it “clear that all of Target’s affirmative defenses are defenses to damages, not liability.”
Magnuson said Target is mistaking comparative fault for the data breach with the alleged failure by the banks “to adequately respond to the data breach, thus allegedly increasing their damages.”
As such, the Seventh Amendment does not prohibit class treatment, the court found.
Magnuson appointed Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union and First Federal Savings of Lorain as class representatives at the plaintiffs’ request.
Target has not returned a request for comment.
Investigators believe the security breach was carried out by thieves who installed software on Target’s payment terminals to capture credit information. The breach affected more than 1,700 of Target’s 1,900 stores, allowing hackers extract the financial information of more than 40 million customers.
- Craft Brewer Raises Beer to|Constitutional Level in Texas
- Test of Slovak Benefits|Fails in EU Court