More Target-Related Lawsuits


By: David Cole
In credit card data breaches, individual consumers are usually not directly harmed because they are issued new cards and not held responsible for fraudulent charges.  Instead, it is the card issuers that are usually harmed because they have to incur the cost of cancelling and reissuing stolen cards and absorbing the fraudulent charges.
Last week, two banks filed a class action lawsuit against Target for their losses in connection with the data breach.  Citing different sources, the complaint estimates that the total costs to banks and other class members could exceed $1 billion for replacing cards and covering fraudulent charges.  In an unusual move, however, the banks also sued TrustWave Holdings, which is the third-party auditor that validated Target’s compliance with the Payment Card Industry Data Security Standard (PCI DSS).  The lawsuit alleges that in addition to Target, TrustWave is responsible for the breach because it negligently performed its audit and monitored Target’s point-of-sale system for intrusions.
The lawsuit was filed in federal court in Chicago and seeks class-action status, accusing both TrustWave and Target of negligence, deceptive practices, and misrepresentation.  More information can be read here and here.