The US District Court (District of Minnesota) has granted class certification to a group of financial institutions in the data breach case against Target Corporation. The financial institutions issued payment cards such as credit and debit cards to consumers who used those cards at Target stores during the 2013 data breach.
The financial institutions alleged that Target was negligent in failing to provide sufficient security to prevent the hackers from accessing customer data. The financial institutions alleged that they suffered injury in the form of replacing cards for their customers, reimbursing fraud losses, and taking various other remedial steps in response to the Target data breach.
The US District Court rejected Target’s argument that the financial institutions’ injuries were limited to “risk of future harm”, on the basis that the financial institutions have already suffered injury. According to a September 2014 American Bankers Association survey, the affected financial institutions had to reissue “nearly every card” that was subject to an alert after the Target breach.