Target Credit Card Breach Lawsuits Consolidated in Minnesota
Target's legal woes stemming from the December security breach will now be consolidated in Minnesota thanks to a new order from the U.S. Judicial Panel on Multidistrict Litigation, moving 33 lawsuits from seven states and 18 districts to the retailer's home state.
Cyberthieves made off with 110 million personal records from Target after the busy Black Friday shopping season -- 40 million were credit cards. The heist is the largest theft of retail data in history.
"On the basis of the papers filed and hearing session held, we find that these actions involve common questions of fact, and that centralization in the District of Minnesota will serve the convenience of the parties and witnesses and promote the just and efficient conduct of this litigation," the panel wrote in the transfer order.
"These actions share factual questions arising from a data security breach at stores owned and operated by Target between November 27, 2013, and December 15, 2013. Centralization will eliminate duplicative discovery; prevent inconsistent pretrial rulings, including with respect to class certification; and conserve the resources of the parties, their counsel, and the judiciary."
Target recently caught a break as two banks dropped their lawsuit against Target and credit card security firm Trustwave Holdings Inc. Trustmark National Bank from New York and Houston-based Green Bank NA both initially filed the lawsuit claiming negligence on Target's and Trustwave's parts in protecting customer data. However, as details have emerged that outsourcing was not a part of the problem that led to the security breach, both banks have pulled out "without prejudice to re-filing."
"Trustwave would like to reassure our customers and business partners that these claims against Trustwave are without merit, and that we look forward to vigorously defending ourselves in court against these baseless allegations," Trustwave CEO Robert McCullen wrote in a letter to customers and business partners soon after the lawsuit was filed.
"Contrary to the misstated allegations in the plaintiffs' complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target."
Target, the No. 3 retailer in the United States, has faced intense backlash from both the public and political spectrum. Shopping at Target was down compared to previous years soon after the December breach, and to make matters worse, a Bloomberg Businessweek report revealed that the retailer received warnings about the breach but ignored them.
"The best technology in the world is useless unless there's good management," Senator Richard Blumenthal, a Democrat from Connecticut, said at a March Senate hearing. "And here, to be quite blunt, there were multiple warnings from the company's anti-intrusion software; they were missed by management."
"We know this has shaken their confidence, and we intend to earn it back," Target CFO John J. Mulligan said at the hearing. "Like you, we are asking hard questions about whether we could have taken different actions before the breach was discovered that would have resulted in different outcomes."
Target has stated the investigation into the breach is still ongoing, and that there exists the possibility the extent of the damage is worse.