In addition to the consumer lawsuits arising out of last year’s massive data breach, Target faces a potentially more problematic lawsuit brought by financial institutions that issued credit and debit cards affected by the breach. Those card issuers claim to be out of pocket billions of dollars in connection with replacing cards and servicing breach-impacted customers. Importantly, unlike cases brought by consumers, card issuer lawsuits may not be susceptible to some of the legal defenses that have led to early dismissal of many consumer data breach claims.
On December 2nd, Target lost its motion to dismiss the card issuers’ lawsuit. Although the court’s decision was based solely on the adequacy of the card issuers’ pleadings and not on the actual merits of their claims, an important take away message emerges, even at this preliminary stage of the case — information governance practices can land companies in big trouble or they can provide an important defense against information-related claims. [Read more…]