Litigation: Minimizing the risk of data breach class actions from Target's example

The legal consequences of a breach can be minimized by taking at least these three steps

In mid-December, Target announced that it had suffered a wide-reaching security breach that potentially affected the accounts of millions of credit and debit card holders. Later reports indicated that the data breach affected even more people than the retailer had originally announced, perhaps as many as 110 million consumers, and that the stolen information included customer names, credit and debit card numbers, card expiration dates, and encrypted personal identification numbers (PINs).

The Target data breach made headlines across the country and did not escape the attention of the plaintiffs’ bar. Two days after Target disclosed the security breach, three separate purported class actions were filed in Minnesota, New York, and California, and many more were filed later in December and in January with most claiming that Target was negligent in its handling of credit and debit card data by failing to protect consumers’ private information. As of mid-January, over fifty purported class action suits against the retailer were pending across the nation.

Contributing Author

author image

Lawrence T. Gresser

Lawrence T. Gresser is a co-founder and the managing partner of Cohen & Gresser LLP and a member of the firm’s Litigation and Arbitration practice...

Bio and more articles

Contributing Author

author image

Karen Bromberg

Karen H. Bromberg is a partner with Cohen & Gresser LLP and heads its intellectual property and technology group.

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.