Target data breach

In December 2013, a cyber-security blogger broke the story that Target, one of the country’s largest retailers, had experienced the then-largest data breach in history, exposing tens of millions of its customers’ sensitive payment card and personal information to third parties. Days later, Target emailed over 100 million of its customers to confirm the data breach.

Action

Hausfeld was one of the first law firms to file a case on behalf of banks and credit unions who suffered financial losses resulting from the data breach. Financial institutions are often hit hardest by retailer data breaches, as they must cover the cost of replacing millions of credit and debit cards - as well as the potentially staggering amounts of fraud losses - for their customers. As third parties to the merchant/customer relationships, financial institutions often don’t have the leverage to force retailers to undertake stringent security measures to prevent data breaches from happening.

Jumping into this complex and evolving area of law, our lawyers took the lead in discovery of Target’s actions in the lead up to the data breach, engaging with cyber-security experts, studying database logs, deposing Target’s top executives and security personnel, and building the forensic story of the breach.

We also analyzed the complicated relationship between financial institutions, credit card issuers, and merchants to develop creative settlement solutions that would maximize monetary recovery for our clients.

Outcome

After two years of hard-fought litigation, the case settled for $60 million - then the largest data breach settlement in history, and the first to take advantage of the payment card issuers’ own infrastructure to reimburse financial institutions for their out-of-pocket losses. On top of this significant monetary relief, the settlement also achieved injunctive relief that would heighten the security standards at place within Target and ensure that financial institutions and customers would be protected from future breaches.

As data breaches became more common in the years following 2013, the innovative framework of the Target data breach settlement served as a model for many settlements to follow. Partner James Pizzirusso remains a sought-after expert on data breach litigation and regularly serves in leadership positions to help drive similar cases forward towards favorable outcomes for our clients.