Target Heads to Court Over Data Breach

Target Heads to Court Over Data Breach Photo: Jay Reed via Wikimedia Commons. Target.

This month’s resignation of Target Corp. chief executive officer Gregg Steinhafel came as a federal judge in Minnesota holds the first hearing in the lawsuits filed over the retailer’s data breach—although both sides have expressed interest in settling the litigation.

Target’s board of directors, citing “the right time for new leadership,” announced on May 5 that Steinhafel had stepped down. Although the Minneapolis retailer gave no reasons for his departure, Steinhafel oversaw Target’s handling of the breach, which compromised the credit- and debit-card information, and personal information, of about 110 million customers during the holiday season last year.

John Mulligan, the chief financial officer who testified in Washington before congressional committees about the breach, is now Target’s interim chief executive.

In court, where more than 100 lawsuits have been filed over the breach, U.S. District Judge Paul Magnuson will hold an initial status conference on Wednesday. The U.S. Judicial Panel on Multidistrict Litigation transferred all the cases to Magnuson last month.

But both sides already have indicated a desire to settle the litigation before it even begins, according to briefs filed with the court.

“Target remains open to discussion of settlement and anticipates exploring the possibility of early resolution with lead counsel between now and a ruling on Target’s forthcoming motions to dismiss,” wrote Target attorney Wendy Wildung, a partner in the Minneapolis office of Faegre Baker Daniels.

Target spokeswoman Molly Snyder did not respond to a request for comment.

Most of the lawsuits are class actions filed by consumers, but 29 were brought by banks and other financial institutions. Shareholders have filed at least four derivative actions against Target and its officers and directors, including Steinhafel.

Charles Zimmerman, founding partner of Zimmerman Reed in Minneapolis, who filed a brief on behalf of the banks, said he was open to settlement.

“Both sides have indicated a willingness to resolve it,” he told The National Law Journal. “Target wants and needs a resolution. The banks want and need a resolution. Nothing I would do would get in the way of that.”

Vincent Esades, equity member at Heins Mills & Olson in Minneapolis, who filed a brief for consumers, didn’t return a call for comment.

Consumers allege that Target failed to protect their data despite being aware of the risk as early as 2007. The banks, armed with a Minnesota state statute that allows financial institutions to pursue costs against a retailer, are seeking costs associated with reimbursing their customers for fraudulent charges and reissuing cards.

Target has appointed a new chief information officer and outlined a plan to invest $100 million to convert its customer store cards to a chip technology considered more secure against hackers.

In its brief, Target said it would fight certification of a nationwide class. And although Target hasn’t yet responded to the allegations, the retailer indicated it would argue that consumers lack standing since most weren’t injured by the breach.

During a conference on the litigation in March, plaintiffs attorneys acknowledged their biggest hurdle would be to prove economic loss, since most of Target’s customers didn’t have fraudulent charges on their cards. Attorneys hope to use common-law negligence and consumer-fraud statutes to pursue what they say are damages to their clients’ privacy and identity.

Contact Amanda Bronstad at abronstad@alm.com.

LOAD MORE