Monday, 8 December 2014

Judge Rules Banks Can Sue Target for 2013 Credit Card Hack

A district Court judge in Minnesota ruled that a group of banks can proceed to sue Target for negligence in the December 2013 breach that resulted in the theft of 40 million consumer credit card numbers as well as personal information on 70 million customers. The banks alleged that Target had “failed to heed warning signs” that would have stymied the banks' losses.
After the breach, multiple banks and consumers sued Target in Minnesota, where the company is head quartered. 
The decision could lead to significant changes in the way the cost of fraud is distributed among parties in the credit card ecosystem. Where once banks and merchant acquirers would have to shoulder the burden of fraud, now, potentially, the order from Magnuson could pave the way for more card-issuing banks to sue merchants for not protecting their POS systems properly.
The New York Times reports that “The cost of replacing stolen cards from Target’s breach alone is roughly $400 million—and the Secret Service has estimated that some 1,000 American merchants may have suffered from similar attacks.” 
Target had purchased and installed a new security program from FireEye just months before the breach. 
“On or about November 30, 2013, the hackers installed exfiltration malware – a program that takes the stolen information and moves it from Target’s computer systems to the hackers’ computer systems after several days,” the complaint reads. “FireEye, Target’s new security software provider, detected that the hackers were uploading the malware and alerted Target’s security team about the suspicious activity. Target’s security team took no action.”

No comments:

Post a comment