A class action lawsuit filed Tuesday against Target Corp. over its recent data breach alleges that the company knew about the data risks that existed in its system since 2007. It is at least the second class action lawsuit to be filed against the retailer.
“As early as 2007, Target was specifically warned by a data security expert about the possibility of a POS data breach, it was told how to prevent such a breach and it was told that failure to act could possibly result in the compromise of as many as 58 million charge accounts,” the class action lawsuit states. “Even though Target described the security expert’s suggestions as ‘good ideas,’ on information and belief it did not implement them.”
The Target data breach class action lawsuit was filed Jan. 14 in the U.S. District Court for the Northern District of California by five plaintiffs — Nancy Mancias, Christi Nagro, Corey Ables, Andrew Lawhern, and Patrice Davis — over the data breach that occurred for about a month from Nov. 17, 2013 until Dec. 15, 2013 by unknown hackers. All of the plaintiffs were Target debit card holders who used their cards during the vulnerable period. They are seeking to represent subclasses in California, Colorado, Washington and Arizona.
“The breach resulted in the largest theft of personal and financial information in history and affected at least 40 million credit card and ATM accounts and the personal and financial information of at least 70 million individuals,” the class action lawsuit states.
However, the plaintiffs claim that based on the expert’s advice in 2007, “the massive Target [point of sale] data breach could have been prevented.”
In addition, the plaintiffs allege that Target did not disclose the data breach to its customers until a month after the data breach began, when the news was reported by Brian Krebs, an internet security and cybercrime blogger on Dec. 18, 2013. At that point, the news was widely reported across the media.
“Target did not promptly disclose the POS data breach and did not notify victims of the POS data breach in a reasonable or timely manner,” the complaint says.
In December it was reported that the credit card and Target debit card account information “had been exposed to fraud.” Almost two months later, on Jan. 10, it was reported that hackers had also stolen customer names, addresses, phone numbers and email addresses of 70 million Target customers.
As a result, the plaintiffs claim, Target customers have been faced with fraudulent charges on their accounts as well as having to give up time and expenses in order to find fraudulent charges, cancel and reissue cards, credit monitory and identify theft prevention and spending limits placed on the accounts.
The five plaintiffs are charging Target with negligence, violating Minnesota business law (Target’s headquarters are located in Minnesota), violating Minnesota’s Deceptive Trade Practice Act, violating California’s Unfair Competition Law, California’s Data Breach Act, violating Arizona’s Consumer Fraud Act and violating Colorado’s Consumer Protection Act.
They are suing for actual and statutory damages. Another Target data breach class action lawsuit filed in December is making similar accusations.
The massive data breach has led federal lawmakers to call for new statutes to be put in place and a tightening of security standards, when companies hold and keep personal information of their customers.
The plaintiffs are represented by Thomas E. Loeser, Steve W. Berman and Jeff D. Friedman of Hagens Berman Sobol Shapiro LLP.
Counsel information for Target was not immediately available.
The Target Data Breach Class Action Lawsuit is Mancias, et al. v. Target Corporation, et al., Case No. 3:14-cv-00212, in the U.S. District Court for the Northern District of California.
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
©2008 – 2014 Top Class Actions® LLC
Various Trademarks held by their respective owners