On Tuesday, a District Court judge in Minnesota ruled [PDF] that a group of banks can proceed to sue Target for negligence in the December 2013 breach that resulted in the theft of 40 million consumer credit card numbers as well as personal information on 70 million customers. The banks alleged that Target had “failed to heed warning signs” that would have stymied the banks' losses.
The breach occurred between mid-November and mid-December in 2013, after hackers placed malware on Target POS systems that made it possible for them to steal credit card numbers as consumers swiped. The vast number of people affected by the breach made Target's hack the most notorious, but subsequent reports revealed that Target was only one of many big-name retail stores that had credit card data stolen—Neiman Marcus, Michaels, and later Home Depot customers were also revealed to be targets.
After the breach, multiple banks and consumers sued Target in Minnesota, where the company is headquartered. The lawsuits from both banks and consumers were grouped together into two consolidated class action complaints. Target filed a motion to dismiss the claims made by the financial institutions, but District Court Judge Paul A. Magnuson ruled that the plaintiffs' claims were valid.