The class action lawsuit in connection with the Target stores security breach is an important one in a rapidly developing field of cyber law. In the case, the plaintiffs allege that in late November 2013 certain Eastern European hackers stole Target’s network credentials from its HVAC contractors. Using the credentials, the hackers were able to access to Target’s computer network, upload card-stealing software onto Target’s cash registers, and begin collecting Targets’ customers’ credit and debit card information.
Although Target had measures in place to detect attacks, plaintiffs contend Target ignored warnings from malware detection and antivirus systems that twice spotted suspicious activity on Target’s network in late 2013. Plaintiffs also allege that Target ignored the alerts while the hackers continued to steal card data from Target’s systems unabated until December 12, 2013 – the day United States Justice Department allegedly alerted Target to the breach and Target began purging its computer systems of the malware.
The Target_Complaint is available for download and we encourage clients to peruse it for color on how courts are considering this rapidly changing area of law.
This case highlights some areas companies can focus on to both better protect customers from injury and mitigate litigation risks in the context of the NIST Cybersecurity Framework’s core functions.
* * * * *
Jason D. Gabbard is a partner at Forefront and the related New York law firm of Gabbard & Kamel PLLC with a focus on corporate transactions and cyber security. Forefront attorneys are available to assist with any questions you may have regarding these issues. To arrange a consultation, please contact Mr. Gabbard – Partner (New York) at +1-646-290-9001.