In the continuing fallout from the breach of Target's point-of-sale (POS) network during the 2013 holiday shopping season, which resulted in the stealing of card numbers and other personal information of more than 100 million customers, a judge in Minnesota ruled on Tuesday "that Target was negligent in failing to provide sufficient security to prevent the hackers from accessing customer data."
In doing so, he cleared the way for several banks to band together in a class-action lawsuit, according to ArsTechnica.
In his ruling, Paul A. Magnuson, United States District Court Judge, dismissed Target's defense – that its re-issuing of cards soon after the breach was a "a business decision and not an injury proximately caused by the breach – as "absurd."
Charles Zimmerman, one of the lawyers representing the banks, said in a statement, "This important ruling brings financial institutions one step closer to collectively holding Target accountable for its unprecedented data breach."
A Target spokeswoman said the company was "disappointed" and would assess its next steps after studying the court's ruling.
Several banks which originally sued Target, claiming damages of $5 million – Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union, and First Federal Savings of Lorain – have been named by the plaintiff to represent the new class action.
A $10 million class action settlement involving consumers was settled in March 2015 and is pending. Financial institutions were divided into a separate track. In August, Target agreed to a $67 million settlement with Visa. Participating banks in the Visa settlement agreed not to be a part of subsequent class action. A $19 million settlement with MasterCard is still pending.