Target faces lawsuits after data-security breach

Bloomberg NewsDecember 25, 2013 

457904015

A Target store is seen on Dec. 19, 2013, in Miami, Fla. Target announced Jan. 10 that personal information — including phone numbers and email and mailing addresses — was stolen from as many as 70 million customers in its pre-Christmas data breach.

JOE RAEDLE — Getty

— Target, the second-largest U.S. discount chain, faces almost two dozen lawsuits filed by customers after a computer security breach exposed data on 40 million debit and credit cards.

Customers have filed complaints seeking group, or class-action, status for their suits in state and federal courts from the company’s home state of Minnesota to California and New York. Most accuse Target of failing to protect their private information.

The information obtained during the breach “is a treasure trove for identity theft criminals who could use it to gain access to credit card and other private and valuable information about customers,” one of the plaintiffs, Alfonso E. Alonso III of San Francisco, said in a complaint.

Target said Dec. 19 that security for the cards may have been breached between Nov. 27 and Dec. 15 during purchases in stores. While the chain said it had identified and resolved the issue, the breach occurred during the most important period of the year for retailers, in a year shoppers already were showing reluctance to spend.

1.2 million cards in N.C.

In a filing with the N.C. Attorney General’s office, the retailer said 1.2 million credit and debit cards used in Target’s North Carolina stores during the three-week period were exposed during the breach. The filing said the company could not determine how many state residents were affected because store terminals do not capture mailing addresses.

In a statement this week, Target said it’s unveiling a special website to communicate with customers. The retailer said “limited incidents” of fake communications claiming to be from the company prompted it to set up the dedicated channel for posting information about the breach.

Complaint about notification

Alonso said in a complaint filed Monday in federal court in Minneapolis that Target didn’t notify consumers its computers’ security was compromised until after the incident was reported in the media. That prevented customers from taking the necessary steps to protect against identity theft and fraud, he claimed.

He said he’s a regular Target customer and bought items at the store during the breach period, including a scooter and a helmet he bought for $60.98 on Dec. 2 to donate to a children’s charity.

Since disclosing the breakdown, the Minneapolis-based company has agreed to give some shoppers free credit reporting, assured them they wouldn’t be responsible for fraudulent charges and offered a 10 percent discount on purchases last weekend to regain their trust.

Talking to state officials

The company’s General Counsel Tim Baer hosted a call for state attorneys general Monday to discuss the breach to “provide them with information about the issue and answer their questions as well as those of their constituents.”

The company is also “actively partnering” with the U.S. Department of Justice and the Secret Service on a continuing forensic and criminal probe. Neither entity is investigating Target, according to the statement.

Staff writer Mary Cornatzer contributed

News & Observer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service