Nearly two months after retail giant Target first disclosed a massive data breach that resulted in approximately 40 million credit and debit card accounts being compromised, one may expect that the number of new lawsuits against the company would be starting to wind down.

However, while Target may be stemming the tide of the multiple class action lawsuits coming its way from angry consumers, one new set of challengers is beginning to emerge: upset financial institutions.

According to the Wall Street Journal, Target has begun to see lawsuits from small banks that suffered losses in the wake of the data breach. The WSJ reports that Target already faces seven class action lawsuits started by these institutions, alleging that Target did not perform due diligence in protecting its data.

“Retailers owe these banks a duty to protect consumer data and if they were negligent, Target is going to have a liability,” said Gary Lynch, an attorney who filed a class action suit for Pennsylvania-based First Choice Federal Credit Union.

In the suits, banks claim that Target’s negligence could force the financial institutions to pay millions in dollars to reissue cards and repay compromised customers. The banks could also seek damages for business lost if it is determined that customers lost confidence in credit card purchases as a result of the breach.

Target has not commented on this new wave of legislation. As a result of the breach, which was recently revealed to include more compromised information than previously thought, Target has offered customers a free year of credit monitoring and the guarantee that customers will not be responsible for fraudulent purchases.

With the number of lawsuits headed Target’s way still increasing, other retailers have begun making cybersecurity an increased priority. In late January, retailers petitioned Congress for increased cybersecurity regulation that could help protect companies from breaches. Companies are also reevaluating their compliance standards, seeking to go above and beyond baseline regulatory standards in order to protect the company from future lawsuits.


InsideCounsel has been following the Target story from the beginning. Follow the most recent developments with us:

Target breach lasted three additional days, stealing more customer data than originally thought

IT can decrease security risk through ISO 27000 and PCI

AG Holder confirms Target data breach investigation by DOJ

Assessing the risks of private data