Target guilty of massive $30m data breach

Retailer found responsible for huge data hack, clearing path for banks to sue

Target is to blame for a data breach that saw 70 million customer records stolen a year ago, a judge has ruled, paving the way for a flurry of lawsuits from banks seeking to recover their losses.

The retailer suffered a huge data hack over November and December 2013, in which the details of 40 million credit cards were stolen by cyber criminals who infected store payment systems with malware.

A year on, Minnesota district court judge Paul Magnuson has ruled that Target was negligent in the holiday breach.

He referred to the fact the retailer had ignored alerts from its $1.6 million early-warning system provided by FireEye, as well as referring to the company purposefully disabling security software that could have thwarted the attack.

He said: "Although the third-party hackers' activities caused harm, Target played a key role in allowing the harm to occur.

"Plaintiffs' allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.

"Target held itself out as having secure data systems when Target knew that it did not have secure systems and had taken affirmative steps to make its systems more vulnerable to attack."

Target was also guilty of having inadequate network sequestration, which enabled hackers to access the point-of-sale network using an external contractor's details.

The ruling clears the way for banks to sue the retailer for their losses in the $30 million incident, following heated debates between unions representing retailers and banks.

The National Retail Federation and the Retail Industry Leaders Association claims data breach costs should be shared between retailers and banks because retailers spend an alleged $6 billion a year on data security.

This was rebutted by Credit Union National Association CEO, Jim Nussle, who said: "In our most recent survey, released just yesterday, credit unions told us that - to date - they have received no reimbursements for the Target breach, now more than 10 months after the breach occurred. "In short, we'll back off highlighting the costs of data breaches on credit unions when merchants step up and take responsibility, adopt the same data standards, and stop making consumers vulnerable."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lawmakers signal changes for big tech in antitrust hearings
Policy & legislation

Lawmakers signal changes for big tech in antitrust hearings

26 Feb 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
FedEx and DHL phishing emails target Microsoft users
phishing

FedEx and DHL phishing emails target Microsoft users

24 Feb 2021
President Biden and Senator Schumer ready semiconductor supply chain initiatives
Hardware

President Biden and Senator Schumer ready semiconductor supply chain initiatives

24 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021