Target Breach Consumer Lawsuit to ProceedJudge Dismisses Retailer's Motion to Dismiss
A federal judge has denied a motion by Target to dismiss a consolidated class action lawsuit filed on behalf of consumers impacted by the retailer's December 2013 data breach that exposed 40 million payment cards and personal details for 70 million customers. That paves the way for the lawsuit to proceed to trial.
See Also: The Global State of Online Digital Trust
Paul Magnuson, the U.S. district court judge overseeing the Target case, dismissed some of the claims made by consumers, but said "the majority ... survive Target's motion [to dismiss]," according to a Dec. 18 memo.
The news comes just weeks after the judge ruled that a class action lawsuit brought on behalf of several banking institutions could move forward (see: Target Breach Suit Won't Be Dismissed).
In the consumer lawsuit, the plaintiffs allege that Target violated various state consumer laws and data breach statutes. They also allege, among other things, negligence, breach of implied contract and breach of agreements for the retailer's REDcard accounts. The plaintiffs are seeking unspecified damages as well as compensation for various breach-related expenses.
Target's primary argument in its motion to dismiss was that the consumer plaintiffs did not have a standing to raise any of their claims because they cannot establish "injury," or harm, as a result of the breach, the memo says.
"But plaintiffs have alleged injury," Magnuson says, identifying various pages of the lawsuit that list the impact of the breach on consumers, including unlawful charges on their payment cards, restricted or blocked access to bank accounts, inability to pay other bills and late payment charges or new card fees.
"Target ignores much of what is pled, instead contending that because some plaintiffs do not allege that their expenses were unreimbursed or say whether they or their bank closed their accounts, plaintiffs have insufficiently alleged injury," Magnuson says.
Among the claims made by plaintiffs that were dismissed by Magnuson was breach of contract - an allegation that Target breached a provision of its REDcard debit-card agreement in which it claimed to "use security measures that comply with federal law."
Target noted that the plaintiffs did not plead any federal law with which the retailer failed to comply. The plaintiffs responded that they are not required to plead the law, only sufficient facts to support their claim. But the judge noted: "Plaintiffs must plead the federal law or laws with which Target allegedly did not comply," giving the plaintiffs 30 days to file an amended complaint.
A spokesperson for Target declined to comment on the case, saying the company doesn't typically remark on pending litigation.
Analysis of Decision
The judge's decision to allow the consumer lawsuit to proceed is not surprising, says attorney Ronald Raether of the law firm Faruki Ireland and Cox PLL, which is not involved in the case.
"Plaintiffs' counsel has learned through years of experience how to plead a complaint" for breach-related cases, he says, referring to the judge's disagreement with Target that the consumer plaintiffs did not have standing to raise any of their claims. "The judge's statement speaks to the point that ... counsel has learned to plea injury and damages as to the specific plaintiffs."
Target was also in a difficult position having to push back on a seven-count complaint from consumer plaintiffs, says Francoise Gilbert, founder of the IT Law Group, another firm not involved in the Target case. "It is not surprising that [the retailer] was not able to win its arguments on each of these counts," she says. "Complaints are becoming more refined and more incisive."