Ruling says banks may file class action suit versus Target over data breach

A Target employee returns carts to the store in Falls Church, Virginia May 14, 2012. Target Corp. (TGT) will report its first quarter results on May 16th. REUTERS/Kevin Lamarque — A Target employee returns carts to the store in Falls Church, Virginia May 14, 2012. Target Corp. Reuters/Kevin Lamarque

US District Judge Paul Magnuson in St. Paul, Minnesota has ruled in favor of several banks, certifying the latter may now file a class action lawsuit against Target Corporation. Target was hit by a massive data breach that compromised 40 million credit cards during the 2013 holiday season.

One of the banks’ lead lawyers said the ruling brings financial institutions as a group closer to holding Target accountable for its data breach. In 2013, hackers successfully inserted malware into Target’s Point of Sale (PoS) network before the holiday season began. This theft led to the loss of personal information, email addresses and credit card numbers of some 70 million customers, reported Ars Technica .

Target spokeswoman Molly Snyder expressed disappointment after reviewing the court’s decision. In his ruling, Magnusson noted the gravity of the losses that hit the affected financial institutions.

A year after the hack, the banks requested the district court of Minnesota to permit them to collectively sue Target for its negligence. Card networks Visa and MasterCard, however, took steps to reach a settlement with the retailer to pay back banks under their respective networks.

Target reached a $67 million settlement with Visa last August. On the other hand, its $19 million settlement with MasterCard fell through with MasterCard criticizing it for being too low, said ZD Net .

Banks that agreed to Visa’s settlement are barred from joining the newly approved class action, according to Reuters . The number of Visa card issuers that accepted the settlement isn’t clear.

The five banks that originally sued Target include Mutual Bank, Umpqua Bank, Village Bank, First Federal Savings of Lorain and CSE Federal Credit Union. The case is docketed as “In re Target Corporation Customer Data Security Breach Litigation, 14-md-2522, U.S. District Court, District of Minnesota (St. Paul)”.