Minneapolis, MN, United States (4E) – Retail giant Target is facing at least five lawsuits from customers for failing to prevent the theft of their credit and debit card information and for lately informing them about the theft.
Three customers filed two separate suits in the U.S. District Court in Minnesota while a Portland, Oregon woman filed a class-action lawsuit in a similar court on Friday. There were also two damage suits filed in California.
Theresa Burkstrand of New Hope and Bryan Barth of Minneapolis were among the plaintiffs in one petition. Through attorney E. Michelle Drake, they accused Target of failing to secure the payment information of its customers over the busy holiday shopping season and exposing them to fraudulent charges, identity theft, and damage to their credit scores. Both are seeking $5 million in damages.
Target announced Thursday that hackers accessed its computers and stole the names, numbers and expiration dates of credit and debit cards of about 40 million customers who shopped at the chain’s stores between Nov. 27 and Dec. 15.
Burkstrand and Barth also complained in the suit that the zip codes of Target stores were also stolen by cyber thieves. Drake said this allowed thieves to possibly avoid detection by fraud investigators of purchases in the states where the original cards were issued.
Burkstrand and Barth further accused Target of negligence for not immediately revealing the security breach and for violating a Minnesota law that requires companies to notify customers of such incidents in a timely manner.
The other suit in Minnesota is from Sarah Horton. Her attorney, Gregory McEwen, said she accused Target of breaching its fiduciary duty by improperly storing data and not safeguarding it and that it was guilty of breach of contract. Horton also accused Target of making its computer network for processing and storing the Sensitive Personal Information vulnerable.
In Portland, plaintiff Lisa Purcell is seeking $5 million in damages. She accused Target of failing “to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,” according to KGW.com.