3 sue Target over data breach, with eye on class action

Source: Pioneer Press, St.迷利倉 Paul, Minn.Dec. 23--Two days after officials with Target acknowledged there had been a major theft of customers' credit and debit card data, attorneys filed the first lawsuits against the company over the issue.In two separate suits filed Friday in U.S. District Court in Minnesota, three Target customers, saying they were suing for all other people who might be affected, accused the company of negligence.They also claim the Minneapolis-based retailer failed to notify customers as soon as it learned of the theft."Defendants indicated that it began investigating the incident 'as soon as (they) learned of it' but it did not contemporaneously disclose the breach to Plaintiff and putative class members," Inver Grove Heights attorney Gregory McEwen wrote in a suit on behalf of a customer named Sarah Horton."Defendants have not made efforts to directly notify individuals whose information was compromised," the suit says.In a separate petition, Theresa Burkstrand of New Hope and Bryan Barth of Minneapolis lambast Target over lax data security."In one of the largest-ever commercial breaches of private information, Target failed to secure the payment information of its customers over the busy holiday shopping season," said the suit, filed by Minneapolis attorney E. Michelle Drake."As a consequence of Target's conduct, Plaintiffs and the classes are exposed to fraudulent charges, identity theft, and damage to their credit scores," Drake wrote.A Target media representative said Sunday that the company typically does not comment on pending litigation.On Thursday, Target acknowledged that techno-thieves had accessed its computers and stolen the credit and debit card information of about 40 million customers.The retailer, which has nearly 1,800 stores in the United States, says the stolen data involved customers who shopped at the chain's stores between Nov. 27 and Dec. 15.The culprits got customer names, card numbers and expiration dates, as well as the three-digit card security code printed on the back of cards.Federal authorities are investigating the theft.Brian Krebs, a former Washington Post reporter whose blog, krebsonsecurity.com, focuses on Internet security issues, revealed the breach Dec. 18. On Wednesday, he wrote that he had spoken with a fraud analyst for a large bank who said card data had wound up in a particular "card shop -- an online store advertised in cybercrime forums as a place where thieves can reliably buy stolen credit and debit cards.""There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country," Krebs wrote.He said the card shop the fraud expert was talking about "has earned a special reputation for selling quality 'dumps,' data stolen from the magnetic stripe on the backs of credit and debit cards. Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim's bank a迷你倉count."A Target spokesman has said there is no indication thieves got the PINs, which stand for personal identification numbers.In their suit, Burkstrand and Barth say their claims and the claims of others -- if the suit is granted class-action status -- exceed $5 million, "and there are numerous class members who are citizens of states other than ... Minnesota," the suit says.Burkstrand made four purchases at Target using her Discover credit card between the dates of the theft, the suit says. It says Barth used his credit card to make a purchase at Target on Dec. 13.They contend that one of the features making the theft particularly bad is that thieves got the ZIP codes of the stores where the cards were used.That information allows thieves to possibly avoid detection of fraud investigators, Drake wrote in the Burkstrand-Barth suit."The fact that Target's systems allowed access to the zip (sic) code of the stores at which the transactions were taking place allows an individual who purchases the information to use them only in the states where the original cards were issued, which helps to prevent the use of the cards from triggering systems that help banks detect unusual activity, such as when cards are used out of state," the lawyer wrote."This breach puts customers, including Plaintiffs, at risk for fraudulent charges to their accounts, identity theft, damage to credit scores and other financial harm," the suit contends.Burkstrand and Barth allege two causes of action: that Target was negligent in protecting its customers' data and in not immediately revealing the security breach, and that it violated a Minnesota law that requires companies to notify customers of such incidents in a timely manner.The law says such disclosures "must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement. ..."McEwen's suit on behalf of Horton does not identify her beyond saying she is a resident of Minnesota and that she used her "credit and/or debit cards to pay for her purchases" between the dates of the data theft.Horton's suit alleges five causes of action. Among other things, she claims Target breached its fiduciary duty by improperly storing data and not safeguarding it and that it was guilty of breach of contract.She also alleges negligence, arguing Target knew or should have known "that its computer network for processing and storing the Sensitive Personal Information had security vulnerabilities," McEwen wrote."Target was negligent in continuing to accept, process and store such information in light of its computer network vulnerabilities and the sensitivity of the information," the suit contends.Horton's suit, which also seeks class-action status, does not state a damage figure but asks for actual damages -- including "the burden and expense of credit monitoring" -- and "equitable relief."David Hanners can be reached at 612-338-6516.Copyright: ___ (c)2013 Pioneer Press (St. Paul, Minn.) Visit the Pioneer Press (St. Paul, Minn.) at .twincities.com Distributed by MCT Information Services自存倉