Target Corp. (NYSE: TGT) is being sued by a Christmas shopper claiming that the chain's recent data breach affecting 40 million debit and credit cards led to her identity being stolen. The lawsuit, filed yesterday in federal court in San Francisco, comes just one day after the retailer admitted that millions of customers' data was hacked from Target stores from Nov. 27 to Dec. 15.
The lawsuit claims the stolen data allows for credit and debit cards to be counterfeited using personal information stored on the magnetic stripe of cards, which would include the name of the customer, card number, the card's expiration date and the three-digit CVV security code. This data may also include customers' personal pin numbers for debit cards which would allow theives to withdraw money from ATM's.
"Target failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach," according to the complaint.
Though details of the massive data breach at Target are still emerging, analysts estimate that the retailer will likely have to pay tens of millions of dollars in remediation and notification costs, fines, legal fees and settlements. With 40 million customers possibly affected, the total would make the breach the largest involving payment cards since a hack of payment processor Heartland in 2009 compromised upwards of 100 million cards. In the Heartland ordeal, the company ended up spending $140 million in costs related to the breach. Other victims of major breaches have spent similar sums settling with credit card companies, banks and customers.
There's still no word yet from Target on how the data breach occurred. Reports suggest that either hackers penetrated the company's point of sale (POS) network or malware was somehow inserted into card swipe devices used by customers.
In addition to the massive financial hit on the horizon, Target is also currently experiencing a public relations nightmare, a detrimental factor considering the vital Christmas shopping weekend ahead. After Target confirmed the security breach on Thursday, many customers were unable access their account information to check for alarming charges on their credit or debit cards. Target's customer service phone line also was jammed, leading irate customers to rant on the company's Facebook page and speak to local media outlets.
In one instance, Christopher Browning, a Target customer from Chesterfield, Va., told Boston.com he was the victim of credit card fraud earlier this week and believes it was tied to a purchase he made at Target with his Visa card on Black Friday. When he called Visa on Thursday, the card issuer could not confirm his suspicions. He said he hasn't been able to get through to Target's call center.
''I won't shop at Target again until the people behind this theft are caught or the reasons for the breach are identified and fixed,'' Browning told Boston.com.
Target Data Breach Affects 40 Million Customers
Target's New Awesome Shop Aims To Drive Mobile Sales
Target Boosts Mobile Shopping For The Holidays
Target Will Up mCommerce Investment
Target, Kroger See a Surge in Digital Coupon Site Visits