This ruling may convince retailers like Target to take data breaches more seriously
The data breach said to have affected 110 million consumers who shopped at Target in the tail-end of 2013 might become even more expensive for the beleaguered retailer.
According to Reuters, a judge says consumers whose credit cards were compromised via the breach will be allowed to sue the company because the plaintiffs "plausibly allege that they suffered injuries that are 'fairly traceable' to Target's conduct."
US District Judge Paul Magnuson also said earlier this month that banks affected by the data breach could sue Target for the cost of replacing an estimated 40 million credit or debit cards. The reasoning for both decisions is similar: there's a good chance Target failed to properly secure consumer data or respond to the hack as well as it should have.
Target now faces the possibility of having to reimburse banks, which spent a collective $400 million replacing cards whose information was stolen during the data breach, and cover the cost of credit monitoring services and other fees incurred because of the hack. It might also become the foundation of a campaign against other retailers and payment companies whose actions or inaction have led to similar leaks of private information.
That's bad news for other companies which have been hacked in the last year. The full list is probably too long to include here, but some of the more high-profile hacks have occurred at the Home Depot, Kmart, and other businesses across the United States. In many ways, the increasing frequency of these breaches is making them seem commonplace:
Target’s data breach was a shock. The Home Depot’s was an irritation. The news that a few hundred Jimmy John’s stores were compromised by an attacker barely seems newsworthy.
Forget the issues major companies have implementing basic security tools, or the ingenuity with which attackers gain access to their targets — neither is the biggest threat to our security. Sure, they’re horrifying, but they’re not as scary as the idea that people just don’t give a damn. But perhaps it will finally be enough to convince companies they need to handle information as sensitive as someone's credit or debit card number -- not to mention the email addresses, phone numbers, or physical addresses many retailers collect -- with a little more care. It's no longer acceptable for companies not to vet their hires or transfer unencrypted payments data or refrain from incorporating even basic security measures.