Target guilty of massive $30m data breach
Retailer found responsible for huge data hack, clearing path for banks to sue
Target is to blame for a data breach that saw 70 million customer records stolen a year ago, a judge has ruled, paving the way for a flurry of lawsuits from banks seeking to recover their losses.
A year on, Minnesota district court judge Paul Magnuson has ruled that Target was negligent in the holiday breach.
He referred to the fact the retailer had ignored alerts from its $1.6 million early-warning system provided by FireEye, as well as referring to the company purposefully disabling security software that could have thwarted the attack.
He said: "Although the third-party hackers' activities caused harm, Target played a key role in allowing the harm to occur.
"Plaintiffs' allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.
"Target held itself out as having secure data systems when Target knew that it did not have secure systems and had taken affirmative steps to make its systems more vulnerable to attack."
Target was also guilty of having inadequate network sequestration, which enabled hackers to access the point-of-sale network using an external contractor's details.
The ruling clears the way for banks to sue the retailer for their losses in the $30 million incident, following heated debates between unions representing retailers and banks.
The National Retail Federation and the Retail Industry Leaders Association claims data breach costs should be shared between retailers and banks because retailers spend an alleged $6 billion a year on data security.
This was rebutted by Credit Union National Association CEO, Jim Nussle, who said: "In our most recent survey, released just yesterday, credit unions told us that - to date - they have received no reimbursements for the Target breach, now more than 10 months after the breach occurred. "In short, we'll back off highlighting the costs of data breaches on credit unions when merchants step up and take responsibility, adopt the same data standards, and stop making consumers vulnerable."
Security analytics for your multi-cloud deployments
IBM Security QRadar SIEM solution briefDownload now
Five reasons to move to the cloud
Join the enterprises moving their workloads to the cloudDownload now
Architecting hybrid IT and edge for digital advantage
Why business leaders should consider a hybrid IT strategyDownload now
Six reasons to accelerate remote asset monitoring with AI
How to optimise resources, increase productivity, and grow profit margins with AIDownload now