Target Reaches a Settlement Deal In Data Breach

A class action lawsuit that was filed against Target for the 2013 data breach reached a $39.4 million settlement given to the financial institutions involved. Target has previously resolved the consumer class action lawsuit in a separate settlement that totaled $10 million to up to 110 million consumers who were estimated to have had their personal data potentially compromised with the release of their credit and debit card information. In this recent settlement, with the remaining class of financial institutions, Target has agreed to pay $20 million into a settlement fund that will pay back banks that had to issue new cards to its members because of the data breach [1].

Target has said that at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers. The Minneapolis-based retailer has taken steps to avoid a recurrence, including being among the first U.S. retailers to install microchip-enabled card readers in all stores. Wednesday’s consensus was filed with the U.S. District Court in St. Paul, Minnesota, and requires court approval. It calls for Target to pay as much as $ 20.25 million to banks and credit unions, and $19.11 million to reimburse MasterCard Inc., card issuers [2].

The settlement won preliminary approval from U.S. District Judge Paul Magnuson in St. Paul, Minnesota, who called it “fair, reasonable and adequate,” court records show. A hearing on final approval was scheduled for May 10, 2016

Financial Institutions should not always have to bear the burden of extensive costs related to merchant data breached over which they have no control” the plaintiffs’ lawyers stated. These plaintiffs include Umpqua Holdings in Roseburg, Oregon; Mutual Bank in Whitman Massachusetts; Village Bank in St. Francis, Minnesota; CSE Federal Credit Union in Lake Charles, Louisiana; and First Federal Savings of Lorain in Lorain, Ohio. Additionally, the trade groups representing banks and credit unions have estimated that their members incurred more than $200 million of expenses related to the breach [3].

What Happened?

In December of 2013, hackers were able to get into Target’s system to steal valuable information about consumers including not only credit and debit card information, but also phone numbers, email addresses, names and personal information that can be used in coordination with the first data gathered to further perpetuate criminal activity. The software doomed to hack into their system is a variant of one that is commercially available on Cybercrime forums for a sum of $1,800 for the “sale version” and $2,300 for the “full version”, which also allows the bad guys to encrypt the data they’ve stolen.

Because Target and major corporations that are similar are thought to be highly protected, the thought of this attack is obtuse. The standards retailers follow and set forth by the payment industry are meant to keep data safe. However, it turns out that if a hacker can break into the corporate system itself, all those standards are pretty useless. So useless in fact that the hackers kept coming back to gather data almost daily for over the course of several weeks. And as the final result showed, they didn’t just stop with sales data. That means they roamed over Target’s network and firewalls by making Target’s software think that they weren’t malicious.

Just like personal computers, Target has firewalls that act as guards to malicious threats, websites or software found on the internet. It also ensures that one isn’t implanted within a computer system if for some reason the user finds themselves in a trap. Large enterprises have both hardware and software to seal up all the ways in which people can access your computer on a more robust scale with a very limited amount of exemptions. One of those exceptions is the route or port used for the internet browsing traffic. You cannot close it if you want to use the internet.

So in effect, we rely on these firewalls or the software to dodge those bullets. Unfortunately, the hackers found a way to trick the system, allowing them to get into entitled access across the whole organization [4]. This is why there was such a large settlement reached. All of that information garnered hurt many connected businesses and individual people who had to cover the costs on their own to quickly save their livelihood. Now, it’s time for Target to pay up.

Dolman Law Group

We at Dolman Law Group shop at all the same stores that you do. Our families and loved ones go to Target for last minutes things or all day shopping adventures to get the things we need and want. Using our information to pay for purchases or receive coupons helps businesses connect to individuals on a personal level. Regrettably, with this transparent connection of information, people can be caught in a vulnerable position when criminals steal their information. These businesses we once trusted to keep our information safe, have faltered when modern advances overstep conventional retailer wisdom. Target now has the burden of not only settling millions of dollars to banks and individuals, but also the pressure to gain the victim and public’s trust back. Hopefully, with the addition of chip-embedded cards consumers will be fully protected.

Until then, call the lawyers of Dolman Law Group if you believe your personal credit and/or debt information is being used illegally. While the Target scandal is being settled, there are other cases where information is stolen and used that then starts up an entire chain of creditor harassment and debt collection calls. Our team of experienced credit and debt collection attorneys want you to know that we are on your side when you are feeling vulnerable and bullied by such institutions. Call (727) 853-6275 today for a free consultation and evaluation.

Dolman Law Group
5435 Main Street
New Port Richey, FL 34652
(727) 853-6275