On Dec. 19, retail giant Target revealed that some 40 million debit and credit card accounts had been stolen from its secure servers between Nov. 27 and Dec. 15, the peak of the holiday shopping season. While the data breach may not be a contender for the largest on record, it’s certainly one of the most public and is undoubtedly bringing concerns about data security into the public discourse.

Among the attentions the event has captured are those of the Department of Justice, attorneys general from multiple states as well as members of Senate. But while those investigations may not bear fruit in the short-term, Target‘s more immediate challenge comes directly from consumer groups, who have mounted a number of lawsuits against the company for their information mishap.

As of Dec. 23, at least 11 law suits had been filed against Target, each seeking class action status. “Complaints against the retailer, seeking unspecified damages, have now been filed in Massachusetts by Amanda Tirado; in Florida by Maria Cruz and Jade Gray; in Oregon by Lisa Purcell; in Washington by Kathi Syvlester; in California by Samantha Wredberg and Jennifer Kirk; in Illinois by Janice McCarter and Veronica Ponce; and in Minnesota, the state where Target is based, by Sarah Horton and in a joint case,” the BBC reported.

The suits claim that during the time of the breach, Target was slow in alerting consumers that a breach had happened, and this lapse directly resulted in the plaintiff’s loss of funds and credit.

One of the agencies stepping up its enforcement game when it comes to data security is the Federal Trade Commission. Richard Blumenthal of Connecticut and Chuck Schumer of New York have both requested that the FTC investigate the breach.

“If Target failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects their personal information,” Blumenthal said in a letter to FTC Chairwoman Edith Ramirez on Monday, CBS News reported. “Its conduct would be unfair and deceptive.”

But some are still questioning whether or not Target is wholly at fault. As we’ve pointed out many times on InsideCounsel, the lack of standard concerning data security not only endangers the private information of consumers but also gives organization no clear standards to be held accountable to. In addition, the FTC has come under fire for enforcing policies that it is not federally blessed to pursue.

The big story here is not so much whether or not Target could have prevented the breach, but more the lack of protection for the public. Without a more proactive and standardized data security framework, you can expect to an increase in a data breach incidents in the coming years.


For more on data security, check out these additional stories:

NIST releases proposed cybersecurity framework

U.S. agencies show ‘limited’ progress in improving cybersecurity measures

European Union adoption of cybersecurity measures delayed