Target’s massive data breach, in which criminals were able to drop malware onto point-of-sale systems and compromise at least 40 million credit and debit cards, is now the subject of a federal lawsuit by banks who issued those cards. And Target is arguing in court today that those claims should be thrown out, Bloomberg reports—because the company claims it had no obligation to protect the banks from damages.
The suit has been brought by five banks—First Federal Savings, Village Bank, Umpqua Bank, Mutual Bank, and Louisiana’s CSE Federal Credit Union. As a group, the banks are claiming losses because the breach exceeded $5 million. The lawsuit is playing out as representatives from financial organizations, including the US’ two major credit union industry associations, are pressing Congress to take action to hold retailers more accountable for payment data breaches and to bring them under the same privacy standards as financial institutions with regard to financial data.
Major retailer data breaches over the past year, including the ones at Target and Home Depot, have caused banks and credit unions to have to reissue hundreds of millions of payment cards. The Home Depot breach, first reported in September, was revealed last week to have exposed 53 million customer e-mail addresses, as well as 56 million payment cards.