InfoBytes Blog
Minnesota Federal Judge Allows Data Breach Suit Against Target to Proceed
On December 2, District Judge Paul Magnuson denied Target’s motion to dismiss the class action suit brought by banks in response to its 2013 data breach. In re: Target Corporation Customer Data Security Breach Litigation, MDL No. 14-2522 (D. Minn., Dec. 2, 2014). The banks have alleged four claims against Target: (i) a general negligence claim that Target breached its duty to provide security and prevent the data breach; (ii) that Target violated Minnesota’s Plastic Security Card Act (PSCA) by retaining customer data which was subsequently stolen; (iii) that a violation of the PSCA is negligence per se; and (iv) a negligent misrepresentation by omission claim that Target made public statements regarding the strength of their data security system when they knew or should have known it was deficient. The first three were allowed to proceed and the last was dismissed with leave to amend the complaint for a failure to allege the requisite reliance upon Target’s assertion of its secure system. Notably, Judge Magnuson found that the PSCA applies to all transactions completed by a company operating in Minnesota, not just transactions occurring within the state.