Target guilty of massive $30m data breach

Retailer found responsible for huge data hack, clearing path for banks to sue

Target is to blame for a data breach that saw 70 million customer records stolen a year ago, a judge has ruled, paving the way for a flurry of lawsuits from banks seeking to recover their losses.

The retailer suffered a huge data hack over November and December 2013, in which the details of 40 million credit cards were stolen by cyber criminals who infected store payment systems with malware.

A year on, Minnesota district court judge Paul Magnuson has ruled that Target was negligent in the holiday breach.

He referred to the fact the retailer had ignored alerts from its $1.6 million early-warning system provided by FireEye, as well as referring to the company purposefully disabling security software that could have thwarted the attack.

He said: "Although the third-party hackers' activities caused harm, Target played a key role in allowing the harm to occur.

"Plaintiffs' allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.

"Target held itself out as having secure data systems when Target knew that it did not have secure systems and had taken affirmative steps to make its systems more vulnerable to attack."

Target was also guilty of having inadequate network sequestration, which enabled hackers to access the point-of-sale network using an external contractor's details.

The ruling clears the way for banks to sue the retailer for their losses in the $30 million incident, following heated debates between unions representing retailers and banks.

The National Retail Federation and the Retail Industry Leaders Association claims data breach costs should be shared between retailers and banks because retailers spend an alleged $6 billion a year on data security.

This was rebutted by Credit Union National Association CEO, Jim Nussle, who said: "In our most recent survey, released just yesterday, credit unions told us that - to date - they have received no reimbursements for the Target breach, now more than 10 months after the breach occurred. "In short, we'll back off highlighting the costs of data breaches on credit unions when merchants step up and take responsibility, adopt the same data standards, and stop making consumers vulnerable."

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
Colonial Pipeline reportedly paid $5 million ransom
Security

Colonial Pipeline reportedly paid $5 million ransom

13 May 2021
Apple's AirTag tracker has already been hacked
hacking

Apple's AirTag tracker has already been hacked

10 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021