Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

40 Million Credit/Debit Card Data Breach Makes Target a Target for Lawsuits by Attorneys and Investigations by Attorneys General

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Suddenly Target has become one of the most aptly named companies in the world as attorneys general from four states (and counting) and three class-action lawsuits (and maybe more down the road) take aim at the retailer.

Connecticut, Massachusetts, New York and South Dakota have requested information about the breach. And two class action suits have been filed in California with an additional one filed in Oregon. Two of the suits are seeking damages in excess of $5 million.

Brian Krebs on notes, “Credit and debit card accounts stolen in (the Target breach) … have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card.”

For a time, to mitigate damage to the company’s reputation, Target offered customers a 10% discount in its approximately 1,800 U.S. stores, but there was no mention of a discount for customers of Target’s 124 Canadian outlets. What’s with that? Eh? Additionally CEO Gregg Steinhafel said the company would provide free credit monitoring for at-risk customers.

Mike Snider in his piece on quoted Daren M. Orzechowski, a New York-based intellectual property attorney with White & Case LLP, noting that “With these data security breaches, there’s usually the question of consumer confidence and trust. They [may] feel they need to do more to try to preserve consumer confidence.”

Columbia Law School professor John Coffee told Snider, “We do not yet know if Target was negligent or whether these were very skillful hackers who could have penetrated any system–but those critical factual issues seldom slow the race to the courthouse.”

In addition to states’ attorneys general and lawyers bringing class-action suits, the U.S. Secret Service is also investigating the breach, the second largest for a retailer in U.S. history, the first involved retailer TJX in 2005.

Snider reports that the breach might spur the adoption of smart cards, which instead of a magnetic strip on the reverse side, have digital chips that create a unique code every time a card is used. Of the cards currently in use, Mallory Duncan, general counsel at the National Retail Federation notes, “We are using 20th century cards against 21st century hackers.”

By ThreatMetrix Posted