Target guilty of massive $30m data breach
Retailer found responsible for huge data hack, clearing path for banks to sue
Target is to blame for a data breach that saw 70 million customer records stolen a year ago, a judge has ruled, paving the way for a flurry of lawsuits from banks seeking to recover their losses.
A year on, Minnesota district court judge Paul Magnuson has ruled that Target was negligent in the holiday breach.
He referred to the fact the retailer had ignored alerts from its $1.6 million early-warning system provided by FireEye, as well as referring to the company purposefully disabling security software that could have thwarted the attack.
He said: "Although the third-party hackers' activities caused harm, Target played a key role in allowing the harm to occur.
"Plaintiffs' allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.
"Target held itself out as having secure data systems when Target knew that it did not have secure systems and had taken affirmative steps to make its systems more vulnerable to attack."
Target was also guilty of having inadequate network sequestration, which enabled hackers to access the point-of-sale network using an external contractor's details.
The ruling clears the way for banks to sue the retailer for their losses in the $30 million incident, following heated debates between unions representing retailers and banks.
The National Retail Federation and the Retail Industry Leaders Association claims data breach costs should be shared between retailers and banks because retailers spend an alleged $6 billion a year on data security.
This was rebutted by Credit Union National Association CEO, Jim Nussle, who said: "In our most recent survey, released just yesterday, credit unions told us that - to date - they have received no reimbursements for the Target breach, now more than 10 months after the breach occurred. "In short, we'll back off highlighting the costs of data breaches on credit unions when merchants step up and take responsibility, adopt the same data standards, and stop making consumers vulnerable."
Virtual desktops and apps for dummies
An easy guide to virtual desktop infrastructure, end-user computing, and moreDownload now
The total economic impact of optimising and managing your hybrid multi-cloud
Cost savings and business benefits of accelerating the cloud journeyDownload now
A buyer’s guide for cloud-based phone solutions
Finding the right phone system for your modern businessDownload now
What’s next for the education sector?
A new learning experienceDownload now