A group of southern Minnesota banks is suing Target Corporation over the costs of the data breach that compromised millions of credit and debit cards. The five First Farmers and Merchants National Banks accuse Target of negligence, breach of contract and violating Minnesota’s Plastic Card Security Act. The 2007 law requires merchants that wrongly retain card data to reimburse financial institutions for the costs of replacing cards. This is believed to be the first federal lawsuit filed against Target in its home state.
The holiday season data breach at retailing giant Target is prompting a look at Minnesota data protection laws. The theft late last year of financial and personal data from millions of customers is a driving force behind a bill that a Minnesota House commerce committee was discussing Tuesday. It would require notifying individuals whose information may have been stolen, and could lead to $100 gift cards for victims. Notification must occur within 48 hours of discovery of the breach. Victims of data theft also must be offered free credit monitoring for one year. And individuals whose information was compromised would be entitled to a hundred-dollar gift card that is valid for at least one year. An existing state law already requires notification of consumer-reporting agencies if there are more than 500 victims.
Target says that the massive data breach over the holidays helped push its profit down 46%. The retailer announced today (WED) that sales fell 5.3% as the breach scared off customers. Target says it earned $520-million for the three months that ended February 1st. That compares with a profit of $961-million a year earlier. Target’s revenue reportedly fell by around $1.2-billion as well.