Target settlement could make other hacked retailers liable

Target has agreed to pay $10 million to settle a class-action lawsuit stemming from a massive data breach that compromised the information of up to 40 million shoppers during the 2013 holiday season. Target will pay affected shoppers up to $10,000 each in damages. 

|
Damian Dovarganes/AP/File
Shoppers arrive at a Target store in Los Angeles. Target has proposed to pay $10 million to settle a class-action lawsuit brought against it following a massive data breach in 2013.

The 2013 holiday shopping season is most likely one Target would rather forget. It came a step closer this week.

The retailer has agreed to pay $10 million to settle a class-action lawsuit stemming from a massive data breach in which hackers broke into Target's computer system and stole credit and debit card information of up to 40 million shoppers (other shoppers had information like e-mail and mailing addresses stolen, pushing the number potentially higher). Individual shoppers could receive up to $10,000 in damages, according to court documents. The proposed settlement will be heard in a court in Minnesota on Thursday. 

"We are pleased to see the process moving forward and look forward to its resolution," Target spokesperson Molly Snyder told CBS News, which first confirmed the story. 

Customers will be able to submit claims online through a stand-alone website.

The Target breach was carried out between Nov. 27 and Dec. 15, 2013. Hackers installed malware on the retailer's payment machines, capturing card data when shoppers swiped cards to make payments, affecting customers at all 1,797 of Target's US locations. It was among the largest retail hacks of its kind.

By the end of that year, several lawsuits were filed against the Minneapolis-based company, seeking millions in damages. The Justice Department soon launched its own investigation; in 2014, spurred in part by Target's delay in disclosing the breach, Attorney General Eric Holder urged Congress to to introduce legislation to create "a strong national standard" requiring retailers to quickly alert consumers and law enforcement when shopper data is compromised. This week's settlement would also require Target to adopt additional data security measures, including appointing a chief information security officer and maintaining a written information security program, according to Reuters. 

In an August 2014 earnings report, Target disclosed that the hack had cost the company $148 million, before the legal action. 

The after-effects of the Target breach, which was notable both for its breadth and its sophistication, have rippled through the US retail industry since. Chains including Neiman Marcus, Home Depot, P.F. Chang's, Jimmy John's, and Staples faced their own data breaches. The hacks have amplified calls for better consumer data protection. For example, many have urged merchants and banks to phase out magnetic-stripe credit cards and convert to computer chip-based card technology (also known as EMV), already in wide use in Europe and other parts of the world. Several banks and credit card companies are in the process of adopting the technology, and Target has invested $100 million to convert its customer credit card program.

This week's proposed settlement, too, could set a precedent for other retailers that fall victim to data hacks.

"Consumers and banks have routinely brought negligence claims against businesses such as Target that have suffered a data breach," Jaikumar Vijayan argued in the Christian Science Monitor's Passcode blog in December, after a state court allowed the class-action suit to move forward. "However, this is the first time in a data breach case of this magnitude that a court has said a company can be sued for failing to respond to warnings from security software. That decision could set in motion new legal standards for bringing negligence claims against organizations that suffer data breaches."

Target, meanwhile, is working to move forward after a tumultuous year. Last week, the company announced 1,700 layoffs at its Minneapolis headquarters. In January, Target axed its entire operation in Canada, just a few years after launching an ambitions expansion into the country. 

Also this week, to keep pace with wage hikes at other major retailers, Target pledged to raise its minimum pay rate to $9 per hour by next month. 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Target settlement could make other hacked retailers liable
Read this article in
https://www.csmonitor.com/Business/2015/0319/Target-settlement-could-make-other-hacked-retailers-liable
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe