August 10, 2020

Volume X, Number 223

August 10, 2020

Subscribe to Latest Legal News and Analysis

Attention Retailers: Target Data Breach Ruling Finds Duty Owed to Issuer Banks

The Court hearing the Target data security breach litigation issued a ruling on December 2, 2014, largely denying Target’s motion to dismiss the Consolidated Amended Class Action Complaint in the Financial Institutions Cases.  In his decision, Judge Magnuson found that Target owed the issuer banks a duty to protect customer data from hackers, a determination that was based on allegations that Target played a “key role” in allowing the break-in to occur by intentionally disabling one of the security features that would have prevented the harm.  Decision at 5.  At issue in the case is whether Target should be held responsible for the costs incurred by the issuer banks as a result of fraudulent charges and to replace customers’ credit and debit cards.

The importance of the decision is that it provides banks with a legal basis to seek to hold merchants financially responsible for the costs of data breaches if the facts suggest the merchants’ data security systems were deficient.

Of course, this is just the first round in the litigation and the banks will still need to prove their case before imposing liability on Target.  That said, this decision is surely a sign of things to come and we will continue to mind the store and report on developments.

© 2020 Proskauer Rose LLP. National Law Review, Volume IV, Number 346


About this Author

Margaret A Dale, Commercial Litigation, Proskauer Rose Law Firm

Margaret Dale is a Partner in the Litigation Department, resident in the New York office. Her practice focuses on commercial litigation, including class action defense, as well as intellectual property, privacy and data security, corporate governance litigation, securities litigation, and regulatory and internal investigations. She also represents and counsels clients in art law matters.