In mid-December, Target announced that it had suffered a wide-reaching security breach that potentially affected the accounts of millions of credit and debit card holders. Later reports indicated that the data breach affected even more people than the retailer had originally announced, perhaps as many as 110 million consumers, and that the stolen information included customer names, credit and debit card numbers, card expiration dates, and encrypted personal identification numbers (PINs).
The Target data breach made headlines across the country and did not escape the attention of the plaintiffs’ bar. Two days after Target disclosed the security breach, three separate purported class actions were filed in Minnesota, New York, and California, and many more were filed later in December and in January with most claiming that Target was negligent in its handling of credit and debit card data by failing to protect consumers’ private information. As of mid-January, over fifty purported class action suits against the retailer were pending across the nation.